| /* |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| */ |
| /** |
| * @file test_x509.c |
| * @author Kealan McCusker |
| * @brief Test x509 functions |
| * |
| */ |
| |
| #include "rsa_WWW.h" |
| #include "ecdh_ZZZ.h" |
| #include "x509.h" |
| #include "utils.h" |
| #include <stdio.h> |
| #include <string.h> |
| #include <stdlib.h> |
| |
| //#define DEBUG |
| |
| #define ECC 1 |
| #define RSA 2 |
| #define H160 1 |
| #define H256 2 |
| #define H384 3 |
| #define H512 4 |
| |
| // #define CHOICE "ZZZ" |
| |
| #define LINE_LEN 10000 |
| #define MAX_STRING 300 |
| |
| #define MAXMODBYTES 72 |
| #define MAXFFLEN 16 |
| |
| char sig[MAXMODBYTES*MAXFFLEN]; |
| octet SIG= {0,sizeof(sig),sig}; |
| |
| char sig2[MAXMODBYTES*MAXFFLEN]; |
| octet SIG2= {0,sizeof(sig2),sig2}; |
| |
| char r[MAXMODBYTES]; |
| octet R= {0,sizeof(r),r}; |
| |
| char s[MAXMODBYTES]; |
| octet S= {0,sizeof(s),s}; |
| |
| char cakey[MAXMODBYTES*MAXFFLEN]; |
| octet CAKEY= {0,sizeof(cakey),cakey}; |
| |
| char certkey[MAXMODBYTES*MAXFFLEN]; |
| octet CERTKEY= {0,sizeof(certkey),certkey}; |
| |
| char h[5000]; |
| octet H= {0,sizeof(h),h}; |
| |
| char hh[5000]; |
| octet HH= {0,sizeof(hh),hh}; |
| |
| char hp[RFS_WWW]; |
| octet HP= {0,sizeof(hp),hp}; |
| |
| // countryName |
| static char cn[3]= {0x55,0x04,0x06}; |
| static octet CN= {3,sizeof(cn),cn}; |
| |
| // stateName |
| static char sn[3]= {0x55,0x04,0x08}; |
| static octet SN= {3,sizeof(sn),sn}; |
| |
| // localName |
| static char ln[3]= {0x55,0x04,0x07}; |
| static octet LN= {3,sizeof(ln),ln}; |
| |
| // orgName |
| static char on[3]= {0x55,0x04,0x0A}; |
| static octet ON= {3,sizeof(on),on}; |
| |
| // unitName |
| static char un[3]= {0x55,0x04,0x0B}; |
| static octet UN= {3,sizeof(un),un}; |
| |
| // myName |
| static char mn[3]= {0x55,0x04,0x03}; |
| static octet MN= {3,sizeof(mn),mn}; |
| |
| // emailName |
| static char en[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01}; |
| static octet EN= {9,sizeof(en),en}; |
| |
| int compare_data(octet *cert,octet *data,int index) |
| { |
| int i; |
| for (i=0; i<data->len; i++) |
| { |
| if (cert->val[index+i]!=data->val[i]) |
| { |
| return 0; |
| } |
| } |
| return 1; |
| } |
| |
| int main(int argc, char** argv) |
| { |
| if (argc != 2) |
| { |
| printf("usage: ./test_x509 [path to test vector file]\n"); |
| exit(EXIT_FAILURE); |
| } |
| int sha; |
| pktype st,pt; |
| pktype ca = {0,0,0}; |
| FILE * fp = NULL; |
| char line[LINE_LEN]; |
| char * linePtr = NULL; |
| int l1=0; |
| const char* CAStr = "CA = "; |
| const char* CERTStr = "CERT = "; |
| |
| char issuerc[MAX_STRING]; |
| octet IssuerCOct= {0,MAX_STRING,issuerc}; |
| const char* IssuerCStr = "IssuerC = "; |
| |
| char issuerst[MAX_STRING]; |
| octet IssuerSTOct= {0,MAX_STRING,issuerst}; |
| const char* IssuerSTStr = "IssuerST = "; |
| |
| char issuerl[MAX_STRING]; |
| octet IssuerLOct= {0,MAX_STRING,issuerl}; |
| const char* IssuerLStr = "IssuerL = "; |
| |
| char issuero[MAX_STRING]; |
| octet IssuerOOct= {0,MAX_STRING,issuero}; |
| const char* IssuerOStr = "IssuerO = "; |
| |
| char issuerou[MAX_STRING]; |
| octet IssuerOUOct= {0,MAX_STRING,issuerou}; |
| const char* IssuerOUStr = "IssuerOU = "; |
| |
| char issuercn[MAX_STRING]; |
| octet IssuerCNOct= {0,MAX_STRING,issuercn}; |
| const char* IssuerCNStr = "IssuerCN = "; |
| |
| char issueremailaddress[MAX_STRING]; |
| octet IssuerEmailAddressOct= {0,MAX_STRING,issueremailaddress}; |
| const char* IssuerEmailAddressStr = "IssuerEmailAddress = "; |
| |
| |
| char subjectc[MAX_STRING]; |
| octet SubjectCOct= {0,MAX_STRING,subjectc}; |
| const char* SubjectCStr = "SubjectC = "; |
| |
| char subjectst[MAX_STRING]; |
| octet SubjectSTOct= {0,MAX_STRING,subjectst}; |
| const char* SubjectSTStr = "SubjectST = "; |
| |
| char subjectl[MAX_STRING]; |
| octet SubjectLOct= {0,MAX_STRING,subjectl}; |
| const char* SubjectLStr = "SubjectL = "; |
| |
| char subjecto[MAX_STRING]; |
| octet SubjectOOct= {0,MAX_STRING,subjecto}; |
| const char* SubjectOStr = "SubjectO = "; |
| |
| char subjectou[MAX_STRING]; |
| octet SubjectOUOct= {0,MAX_STRING,subjectou}; |
| const char* SubjectOUStr = "SubjectOU = "; |
| |
| char subjectcn[MAX_STRING]; |
| octet SubjectCNOct= {0,MAX_STRING,subjectcn}; |
| const char* SubjectCNStr = "SubjectCN = "; |
| |
| char subjectemailaddress[MAX_STRING]; |
| octet SubjectEmailAddressOct= {0,MAX_STRING,subjectemailaddress}; |
| const char* SubjectEmailAddressStr = "SubjectEmailAddress = "; |
| |
| char vf[MAX_STRING]; |
| octet vfOct= {0,MAX_STRING,vf}; |
| const char* vfStr = "vf = "; |
| |
| char vt[MAX_STRING]; |
| octet vtOct= {0,MAX_STRING,vt}; |
| const char* vtStr = "vt = "; |
| |
| char cert_pk[512]; |
| octet CERT_PKOct= {0,sizeof(cert_pk),cert_pk}; |
| const char* CERT_PKStr = "CERT_PK = "; |
| |
| fp = fopen(argv[1], "r"); |
| if (fp == NULL) |
| { |
| printf("ERROR opening test vector file\n"); |
| exit(EXIT_FAILURE); |
| } |
| |
| rsa_public_key_WWW PK; |
| |
| bool readLine = false; |
| int i=0; |
| while (fgets(line, LINE_LEN, fp) != NULL) |
| { |
| i++; |
| readLine = true; |
| |
| if (!strncmp(line, IssuerCStr, strlen(IssuerCStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(IssuerCStr); |
| OCT_clear(&IssuerCOct); |
| OCT_jstring(&IssuerCOct,linePtr); |
| IssuerCOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("IssuerCOct Hex: "); |
| OCT_output(&IssuerCOct); |
| printf("IssuerCOct ASCII: "); |
| OCT_output_string(&IssuerCOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, IssuerSTStr, strlen(IssuerSTStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(IssuerSTStr); |
| OCT_clear(&IssuerSTOct); |
| OCT_jstring(&IssuerSTOct,linePtr); |
| IssuerSTOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("IssuerSTOct Hex: "); |
| OCT_output(&IssuerSTOct); |
| printf("IssuerSTOct ASCII: "); |
| OCT_output_string(&IssuerSTOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, IssuerLStr, strlen(IssuerLStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(IssuerLStr); |
| OCT_clear(&IssuerLOct); |
| OCT_jstring(&IssuerLOct,linePtr); |
| IssuerLOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("IssuerLOct Hex: "); |
| OCT_output(&IssuerLOct); |
| printf("IssuerLOct ASCII: "); |
| OCT_output_string(&IssuerLOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, IssuerOStr, strlen(IssuerOStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(IssuerOStr); |
| OCT_clear(&IssuerOOct); |
| OCT_jstring(&IssuerOOct,linePtr); |
| IssuerOOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("IssuerOOct Hex: "); |
| OCT_output(&IssuerOOct); |
| printf("IssuerOOct ASCII: "); |
| OCT_output_string(&IssuerOOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, IssuerOUStr, strlen(IssuerOUStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(IssuerOUStr); |
| OCT_clear(&IssuerOUOct); |
| OCT_jstring(&IssuerOUOct,linePtr); |
| IssuerOUOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("IssuerOUOct Hex: "); |
| OCT_output(&IssuerOUOct); |
| printf("IssuerOUOct ASCII: "); |
| OCT_output_string(&IssuerOUOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, IssuerCNStr, strlen(IssuerCNStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(IssuerCNStr); |
| OCT_clear(&IssuerCNOct); |
| OCT_jstring(&IssuerCNOct,linePtr); |
| IssuerCNOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("IssuerCNOct Hex: "); |
| OCT_output(&IssuerCNOct); |
| printf("IssuerCNOct ASCII: "); |
| OCT_output_string(&IssuerCNOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, IssuerEmailAddressStr, strlen(IssuerEmailAddressStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(IssuerEmailAddressStr); |
| OCT_clear(&IssuerEmailAddressOct); |
| OCT_jstring(&IssuerEmailAddressOct,linePtr); |
| IssuerEmailAddressOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("IssuerEmailAddressOct Hex: "); |
| OCT_output(&IssuerEmailAddressOct); |
| printf("IssuerEmailAddressOct ASCII: "); |
| OCT_output_string(&IssuerEmailAddressOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, SubjectCStr, strlen(SubjectCStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(SubjectCStr); |
| OCT_clear(&SubjectCOct); |
| OCT_jstring(&SubjectCOct,linePtr); |
| SubjectCOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("SubjectCOct Hex: "); |
| OCT_output(&SubjectCOct); |
| printf("SubjectCOct ASCII: "); |
| OCT_output_string(&SubjectCOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, SubjectSTStr, strlen(SubjectSTStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(SubjectSTStr); |
| OCT_clear(&SubjectSTOct); |
| OCT_jstring(&SubjectSTOct,linePtr); |
| SubjectSTOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("SubjectSTOct Hex: "); |
| OCT_output(&SubjectSTOct); |
| printf("SubjectSTOct ASCII: "); |
| OCT_output_string(&SubjectSTOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, SubjectLStr, strlen(SubjectLStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(SubjectLStr); |
| OCT_clear(&SubjectLOct); |
| OCT_jstring(&SubjectLOct,linePtr); |
| SubjectLOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("SubjectLOct Hex: "); |
| OCT_output(&SubjectLOct); |
| printf("SubjectLOct ASCII: "); |
| OCT_output_string(&SubjectLOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, SubjectOStr, strlen(SubjectOStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(SubjectOStr); |
| OCT_clear(&SubjectOOct); |
| OCT_jstring(&SubjectOOct,linePtr); |
| SubjectOOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("SubjectOOct Hex: "); |
| OCT_output(&SubjectOOct); |
| printf("SubjectOOct ASCII: "); |
| OCT_output_string(&SubjectOOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, SubjectOUStr, strlen(SubjectOUStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(SubjectOUStr); |
| OCT_clear(&SubjectOUOct); |
| OCT_jstring(&SubjectOUOct,linePtr); |
| SubjectOUOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("SubjectOUOct Hex: "); |
| OCT_output(&SubjectOUOct); |
| printf("SubjectOUOct ASCII: "); |
| OCT_output_string(&SubjectOUOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, SubjectCNStr, strlen(SubjectCNStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(SubjectCNStr); |
| OCT_clear(&SubjectCNOct); |
| OCT_jstring(&SubjectCNOct,linePtr); |
| SubjectCNOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("SubjectCNOct Hex: "); |
| OCT_output(&SubjectCNOct); |
| printf("SubjectCNOct ASCII: "); |
| OCT_output_string(&SubjectCNOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, SubjectEmailAddressStr, strlen(SubjectEmailAddressStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(SubjectEmailAddressStr); |
| OCT_clear(&SubjectEmailAddressOct); |
| OCT_jstring(&SubjectEmailAddressOct,linePtr); |
| SubjectEmailAddressOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("SubjectEmailAddressOct Hex: "); |
| OCT_output(&SubjectEmailAddressOct); |
| printf("SubjectEmailAddressOct ASCII: "); |
| OCT_output_string(&SubjectEmailAddressOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, vfStr, strlen(vfStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(vfStr); |
| OCT_clear(&vfOct); |
| OCT_jstring(&vfOct,linePtr); |
| vfOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("vfOct Hex: "); |
| OCT_output(&vfOct); |
| printf("vfOct ASCII: "); |
| OCT_output_string(&vfOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, vtStr, strlen(vtStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| linePtr = line + strlen(vtStr); |
| OCT_clear(&vtOct); |
| OCT_jstring(&vtOct,linePtr); |
| vtOct.len -= 1; |
| |
| #ifdef DEBUG |
| printf("vtOct Hex: "); |
| OCT_output(&vtOct); |
| printf("vtOct ASCII: "); |
| OCT_output_string(&vtOct); |
| printf("\n"); |
| #endif |
| } |
| |
| if (!strncmp(line, CERT_PKStr, strlen(CERT_PKStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| // Find hex value in string |
| linePtr = line + strlen(CERT_PKStr); |
| |
| // p binary value |
| l1 = strlen(linePtr)-1; |
| amcl_hex2bin(linePtr, CERT_PKOct.val, l1); |
| CERT_PKOct.len = l1/2; |
| |
| #ifdef DEBUG |
| printf("CERT_PKOct Hex: "); |
| OCT_output(&CERT_PKOct); |
| printf("\n"); |
| #endif |
| } |
| |
| |
| // Self-Signed CA cert |
| if (!strncmp(line, CAStr, strlen(CAStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| // Find base64 value in string |
| char io[5000]; |
| octet IO= {0,sizeof(io),io}; |
| linePtr = line + strlen(CAStr); |
| l1 = strlen(linePtr); |
| char* ca_b64 = (char*) calloc (l1,sizeof(char)); |
| strncpy(ca_b64,linePtr,l1-1); |
| OCT_frombase64(&IO,ca_b64); |
| |
| #ifdef DEBUG |
| printf("CA Self-Signed Cert: \n"); |
| OCT_output(&IO); |
| printf("\n"); |
| #endif |
| |
| free(ca_b64); |
| ca_b64 = NULL; |
| |
| // returns signature type |
| st=X509_extract_cert_sig(&IO,&SIG); |
| |
| if (st.type==0) |
| { |
| printf("Unable to extract self-signed cert signature\r\n"); |
| } |
| |
| if (st.type==ECC) |
| { |
| OCT_chop(&SIG,&S,SIG.len/2); |
| OCT_copy(&R,&SIG); |
| // printf("SIG: "); |
| // OCT_output(&R); |
| // printf("\r\n"); |
| // OCT_output(&S); |
| // printf("\r\n"); |
| } |
| |
| if (st.type==RSA) |
| { |
| //printf("SIG: "); |
| //OCT_output(&SIG); |
| //printf("\r\n"); |
| } |
| |
| // Extract Cert from signed Cert |
| X509_extract_cert(&IO,&H); |
| |
| ca=X509_extract_public_key(&H,&CAKEY); |
| |
| if (ca.type==0) |
| { |
| printf("Not supported by library\n"); |
| exit(EXIT_FAILURE); |
| } |
| if (ca.type!=st.type) |
| { |
| printf("Not self-signed\n"); |
| exit(EXIT_FAILURE); |
| } |
| |
| if (ca.type==ECC) |
| { |
| // printf("EXTRACTED ECC CA PUBLIC KEY: "); |
| // OCT_output(&CAKEY); |
| // printf("\n"); |
| } |
| if (ca.type==RSA) |
| { |
| // printf("EXTRACTED RSA CA PUBLIC KEY: "); |
| // OCT_output(&CAKEY); |
| // printf("\n"); |
| } |
| |
| // Cert is self-signed - so check signature |
| // printf("Checking Self-Signed Signature\r\n"); |
| if (ca.type==ECC) |
| { |
| // if (ca.curve!=CHOICE) |
| // { |
| // printf("TEST X509 ERROR CURVE IS NOT SUPPORTED LINE %d\n",i); |
| // exit(EXIT_FAILURE); |
| // } |
| int res=ECP_ZZZ_PUBLIC_KEY_VALIDATE(&CAKEY); |
| if (res!=0) |
| { |
| printf("TEST X509 ERROR PUBLIC KEY IS INVALID LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| sha=0; |
| if (st.hash==H256) sha=SHA256; |
| if (st.hash==H384) sha=SHA384; |
| if (st.hash==H512) sha=SHA512; |
| if (st.hash==0) |
| { |
| printf("TEST X509 ERROR HASH FUNCTION NOT SUPPORTED LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| if (ECP_ZZZ_VP_DSA(sha,&CAKEY,&H,&R,&S)!=0) |
| { |
| printf("X509 ERROR ECDSA VERIFICATION FAILED LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| } |
| |
| if (ca.type==RSA) |
| { |
| PK.e=65537; // assuming this! |
| FF_WWW_fromOctet(PK.n,&CAKEY,FFLEN_WWW); |
| |
| sha=0; |
| if (st.hash==H256) sha=SHA256; |
| if (st.hash==H384) sha=SHA384; |
| if (st.hash==H512) sha=SHA512; |
| if (st.hash==0) |
| { |
| printf("TEST X509 ERROR Hash Function not supported LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| PKCS15(sha,&H,&HP); |
| |
| RSA_WWW_ENCRYPT(&PK,&SIG,&HH); |
| if (!OCT_comp(&HP,&HH)) |
| { |
| printf("TEST X509 ERROR RSA VERIFICATION FAILED LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| } |
| } |
| |
| /////////// CA Signed cert ///////////////// |
| if (!strncmp(line, CERTStr, strlen(CERTStr))) |
| { |
| #ifdef DEBUG |
| printf("line %d %s\n", i,line); |
| #endif |
| // Find base64 value in string |
| char io[5000]; |
| octet IO= {0,sizeof(io),io}; |
| linePtr = line + strlen(CERTStr); |
| l1 = strlen(linePtr); |
| char* cert_b64 = (char*) calloc (l1,sizeof(char)); |
| strncpy(cert_b64,linePtr,l1-1); |
| OCT_frombase64(&IO,cert_b64); |
| |
| #ifdef DEBUG |
| printf("CA Signed Cert: \n"); |
| OCT_output(&IO); |
| printf("\n"); |
| #endif |
| |
| free(cert_b64); |
| cert_b64 = NULL; |
| |
| // returns signature type |
| st=X509_extract_cert_sig(&IO,&SIG); |
| |
| if (st.type==0) |
| { |
| printf("TEST X509 ERROR UNABLE TO CHECK CERT SIGNATURE LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| if (st.type==ECC) |
| { |
| OCT_chop(&SIG,&S,SIG.len/2); |
| OCT_copy(&R,&SIG); |
| #ifdef DEBUG |
| printf("ECC SIG: "); |
| OCT_output(&R); |
| printf("\r\n"); |
| OCT_output(&S); |
| printf("\r\n"); |
| #endif |
| } |
| |
| #ifdef DEBUG |
| if (st.type==RSA) |
| { |
| printf("RSA SIG: "); |
| OCT_output(&SIG); |
| printf("\r\n"); |
| } |
| #endif |
| |
| // Extract Cert |
| int c; |
| c=X509_extract_cert(&IO,&H); |
| |
| #ifdef DEBUG |
| printf("Cert: "); |
| OCT_output(&H); |
| printf("\n"); |
| #endif |
| |
| // Check Details |
| int ic,len; |
| // Issuer Details |
| ic=X509_find_issuer(&H); |
| |
| c=X509_find_entity_property(&H,&CN,ic,&len); |
| #ifdef DEBUG |
| print_out("countryName: ",&H,c,len); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&IssuerCOct,c)) |
| { |
| printf("TEST X509 ERROR IssuerC LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| c=X509_find_entity_property(&H,&SN,ic,&len); |
| #ifdef DEBUG |
| print_out("stateOrProvinceName: ",&H,c,len); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&IssuerSTOct,c)) |
| { |
| printf("TEST X509 ERROR IssuerST LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| c=X509_find_entity_property(&H,&LN,ic,&len); |
| #ifdef DEBUG |
| print_out("localityName: ",&H,c,len); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&IssuerLOct,c)) |
| { |
| printf("TEST X509 ERROR IssuerL LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| c=X509_find_entity_property(&H,&ON,ic,&len); |
| #ifdef DEBUG |
| print_out("organizationName: ",&H,c,len); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&IssuerOOct,c)) |
| { |
| printf("TEST X509 ERROR IssuerO LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| c=X509_find_entity_property(&H,&UN,ic,&len); |
| #ifdef DEBUG |
| print_out("organizationalUnitName: ",&H,c,len); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&IssuerOUOct,c)) |
| { |
| printf("TEST X509 ERROR IssuerOU LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| c=X509_find_entity_property(&H,&MN,ic,&len); |
| #ifdef DEBUG |
| print_out("commonName: ",&H,c,len); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&IssuerCNOct,c)) |
| { |
| printf("TEST X509 ERROR IssuerCN LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| c=X509_find_entity_property(&H,&EN,ic,&len); |
| #ifdef DEBUG |
| print_out("emailAddress: ",&H,c,len); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&IssuerEmailAddressOct,c)) |
| { |
| printf("TEST X509 ERROR IssuerEmailAddress LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| // Subject details |
| #ifdef DEBUG |
| printf("Subject Details\n"); |
| #endif |
| ic=X509_find_subject(&H); |
| |
| c=X509_find_entity_property(&H,&CN,ic,&len); |
| #ifdef DEBUG |
| print_out("countryName: ",&H,c,len); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&SubjectCOct,c)) |
| { |
| printf("TEST X509 ERROR SubjectC LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| c=X509_find_entity_property(&H,&SN,ic,&len); |
| #ifdef DEBUG |
| print_out("stateOrProvinceName: ",&H,c,len); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&SubjectSTOct,c)) |
| { |
| printf("TEST X509 ERROR SubjectST LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| c=X509_find_entity_property(&H,&LN,ic,&len); |
| #ifdef DEBUG |
| print_out("localityName: ",&H,c,len); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&SubjectLOct,c)) |
| { |
| printf("TEST X509 ERROR SubjectL LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| c=X509_find_entity_property(&H,&ON,ic,&len); |
| #ifdef DEBUG |
| print_out("organizationName: ",&H,c,len); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&SubjectOOct,c)) |
| { |
| printf("TEST X509 ERROR SubjectO LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| c=X509_find_entity_property(&H,&UN,ic,&len); |
| #ifdef DEBUG |
| print_out("organizationalUnitName: ",&H,c,len); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&SubjectOUOct,c)) |
| { |
| printf("TEST X509 ERROR SubjectOU LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| c=X509_find_entity_property(&H,&MN,ic,&len); |
| #ifdef DEBUG |
| print_out("commonName: ",&H,c,len); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&SubjectCNOct,c)) |
| { |
| printf("TEST X509 ERROR SubjectCN LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| c=X509_find_entity_property(&H,&EN,ic,&len); |
| #ifdef DEBUG |
| print_out("emailAddress: ",&H,c,len); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&SubjectEmailAddressOct,c)) |
| { |
| printf("TEST X509 ERROR SubjectEmailAddress LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| ic=X509_find_validity(&H); |
| c=X509_find_start_date(&H,ic); |
| #ifdef DEBUG |
| print_date("start date: ",&H,c); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&vfOct,c)) |
| { |
| printf("TEST X509 ERROR VALID FROM LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| c=X509_find_expiry_date(&H,ic); |
| #ifdef DEBUG |
| print_date("expiry date: ",&H,c); |
| printf("\n"); |
| #endif |
| |
| if (!compare_data(&H,&vtOct,c)) |
| { |
| printf("TEST X509 ERROR VALID TO LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| pt=X509_extract_public_key(&H,&CERTKEY); |
| |
| if (pt.type==0) |
| { |
| printf("TEST X509 ERROR NOT SUPPORTED BY LIBRARY LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| #ifdef DEBUG |
| if (pt.type==ECC) |
| { |
| printf("EXTRACTED ECC PUBLIC KEY: "); |
| OCT_output(&CERTKEY); |
| printf("\n"); |
| } |
| if (pt.type==RSA) |
| { |
| printf("EXTRACTED RSA PUBLIC KEY: "); |
| OCT_output(&CERTKEY); |
| printf("\n"); |
| } |
| #endif |
| if (!compare_data(&CERTKEY,&CERT_PKOct,0)) |
| { |
| printf("TEST X509 ERROR CERT PUBLIC KEY LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| // Check CA signature |
| // printf("Checking CA Signed Signature\n"); |
| |
| #ifdef DEBUG |
| printf("CA PUBLIC KEY: "); |
| OCT_output(&CAKEY); |
| printf("\n"); |
| #endif |
| |
| if (ca.type==ECC) |
| { |
| // if (ca.curve!=CHOICE) |
| // { |
| // printf("TEST X509 ERROR CURVE IS NOT SUPPORTED LINE %d\n",i); |
| // exit(EXIT_FAILURE); |
| // } |
| int res=ECP_ZZZ_PUBLIC_KEY_VALIDATE(&CAKEY); |
| if (res!=0) |
| { |
| printf("TEST X509 ERROR PUBLIC KEY IS INVALID LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| sha=0; |
| if (st.hash==H256) sha=SHA256; |
| if (st.hash==H384) sha=SHA384; |
| if (st.hash==H512) sha=SHA512; |
| if (st.hash==0) |
| { |
| printf("TEST X509 ERROR HASH FUNCTION NOT SUPPORTED LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| |
| if (ECP_ZZZ_VP_DSA(sha,&CAKEY,&H,&R,&S)!=0) |
| { |
| printf("X509 ERROR ECDSA VERIFICATION FAILED LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| } |
| |
| if (ca.type==RSA) |
| { |
| PK.e=65537; // assuming this! |
| FF_WWW_fromOctet(PK.n,&CAKEY,FFLEN_WWW); |
| |
| sha=0; |
| if (st.hash==H256) sha=SHA256; |
| if (st.hash==H384) sha=SHA384; |
| if (st.hash==H512) sha=SHA512; |
| if (st.hash==0) |
| { |
| printf("TEST X509 ERROR Hash Function not supported LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| PKCS15(sha,&H,&HP); |
| |
| RSA_WWW_ENCRYPT(&PK,&SIG,&HH); |
| if (!OCT_comp(&HP,&HH)) |
| { |
| printf("TEST X509 ERROR RSA VERIFICATION FAILED LINE %d\n",i); |
| exit(EXIT_FAILURE); |
| } |
| } |
| } |
| |
| } |
| fclose(fp); |
| if (!readLine) |
| { |
| printf("X509 ERROR Empty test vector file\n"); |
| exit(EXIT_FAILURE); |
| } |
| printf("SUCCESS TEST X509 PASSED\n"); |
| exit(EXIT_SUCCESS); |
| } |