Google Git
Sign in
apache / incubator-milagro-crypto-c / ff75c17ed9f6891167e568ed98c3d2e0c68021fc / . / test / test_x509_WWW_ZZZ.c.in
blob: 7ed17889fbfaa42981a78926bf0aa2122ba6f7d2 [file] [log] [blame]
/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/
/**
* @file test_x509.c
* @author Kealan McCusker
* @brief Test x509 functions
*
*/
#include "rsa_WWW.h"
#include "ecdh_ZZZ.h"
#include "x509.h"
#include "utils.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
//#define DEBUG
#define ECC 1
#define RSA 2
#define H160 1
#define H256 2
#define H384 3
#define H512 4
// #define CHOICE "ZZZ"
#define LINE_LEN 10000
#define MAX_STRING 300
#define MAXMODBYTES 72
#define MAXFFLEN 16
char sig[MAXMODBYTES*MAXFFLEN];
octet SIG= {0,sizeof(sig),sig};
char sig2[MAXMODBYTES*MAXFFLEN];
octet SIG2= {0,sizeof(sig2),sig2};
char r[MAXMODBYTES];
octet R= {0,sizeof(r),r};
char s[MAXMODBYTES];
octet S= {0,sizeof(s),s};
char cakey[MAXMODBYTES*MAXFFLEN];
octet CAKEY= {0,sizeof(cakey),cakey};
char certkey[MAXMODBYTES*MAXFFLEN];
octet CERTKEY= {0,sizeof(certkey),certkey};
char h[5000];
octet H= {0,sizeof(h),h};
char hh[5000];
octet HH= {0,sizeof(hh),hh};
char hp[RFS_WWW];
octet HP= {0,sizeof(hp),hp};
// countryName
static char cn[3]= {0x55,0x04,0x06};
static octet CN= {3,sizeof(cn),cn};
// stateName
static char sn[3]= {0x55,0x04,0x08};
static octet SN= {3,sizeof(sn),sn};
// localName
static char ln[3]= {0x55,0x04,0x07};
static octet LN= {3,sizeof(ln),ln};
// orgName
static char on[3]= {0x55,0x04,0x0A};
static octet ON= {3,sizeof(on),on};
// unitName
static char un[3]= {0x55,0x04,0x0B};
static octet UN= {3,sizeof(un),un};
// myName
static char mn[3]= {0x55,0x04,0x03};
static octet MN= {3,sizeof(mn),mn};
// emailName
static char en[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01};
static octet EN= {9,sizeof(en),en};
int compare_data(octet *cert,octet *data,int index)
{
int i;
for (i=0; i<data->len; i++)
{
if (cert->val[index+i]!=data->val[i])
{
return 0;
}
}
return 1;
}
int main(int argc, char** argv)
{
if (argc != 2)
{
printf("usage: ./test_x509 [path to test vector file]\n");
exit(EXIT_FAILURE);
}
int sha;
pktype st,pt;
pktype ca = {0,0,0};
FILE * fp = NULL;
char line[LINE_LEN];
char * linePtr = NULL;
int l1=0;
const char* CAStr = "CA = ";
const char* CERTStr = "CERT = ";
char issuerc[MAX_STRING];
octet IssuerCOct= {0,MAX_STRING,issuerc};
const char* IssuerCStr = "IssuerC = ";
char issuerst[MAX_STRING];
octet IssuerSTOct= {0,MAX_STRING,issuerst};
const char* IssuerSTStr = "IssuerST = ";
char issuerl[MAX_STRING];
octet IssuerLOct= {0,MAX_STRING,issuerl};
const char* IssuerLStr = "IssuerL = ";
char issuero[MAX_STRING];
octet IssuerOOct= {0,MAX_STRING,issuero};
const char* IssuerOStr = "IssuerO = ";
char issuerou[MAX_STRING];
octet IssuerOUOct= {0,MAX_STRING,issuerou};
const char* IssuerOUStr = "IssuerOU = ";
char issuercn[MAX_STRING];
octet IssuerCNOct= {0,MAX_STRING,issuercn};
const char* IssuerCNStr = "IssuerCN = ";
char issueremailaddress[MAX_STRING];
octet IssuerEmailAddressOct= {0,MAX_STRING,issueremailaddress};
const char* IssuerEmailAddressStr = "IssuerEmailAddress = ";
char subjectc[MAX_STRING];
octet SubjectCOct= {0,MAX_STRING,subjectc};
const char* SubjectCStr = "SubjectC = ";
char subjectst[MAX_STRING];
octet SubjectSTOct= {0,MAX_STRING,subjectst};
const char* SubjectSTStr = "SubjectST = ";
char subjectl[MAX_STRING];
octet SubjectLOct= {0,MAX_STRING,subjectl};
const char* SubjectLStr = "SubjectL = ";
char subjecto[MAX_STRING];
octet SubjectOOct= {0,MAX_STRING,subjecto};
const char* SubjectOStr = "SubjectO = ";
char subjectou[MAX_STRING];
octet SubjectOUOct= {0,MAX_STRING,subjectou};
const char* SubjectOUStr = "SubjectOU = ";
char subjectcn[MAX_STRING];
octet SubjectCNOct= {0,MAX_STRING,subjectcn};
const char* SubjectCNStr = "SubjectCN = ";
char subjectemailaddress[MAX_STRING];
octet SubjectEmailAddressOct= {0,MAX_STRING,subjectemailaddress};
const char* SubjectEmailAddressStr = "SubjectEmailAddress = ";
char vf[MAX_STRING];
octet vfOct= {0,MAX_STRING,vf};
const char* vfStr = "vf = ";
char vt[MAX_STRING];
octet vtOct= {0,MAX_STRING,vt};
const char* vtStr = "vt = ";
char cert_pk[512];
octet CERT_PKOct= {0,sizeof(cert_pk),cert_pk};
const char* CERT_PKStr = "CERT_PK = ";
fp = fopen(argv[1], "r");
if (fp == NULL)
{
printf("ERROR opening test vector file\n");
exit(EXIT_FAILURE);
}
rsa_public_key_WWW PK;
bool readLine = false;
int i=0;
while (fgets(line, LINE_LEN, fp) != NULL)
{
i++;
readLine = true;
if (!strncmp(line, IssuerCStr, strlen(IssuerCStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(IssuerCStr);
OCT_clear(&IssuerCOct);
OCT_jstring(&IssuerCOct,linePtr);
IssuerCOct.len -= 1;
#ifdef DEBUG
printf("IssuerCOct Hex: ");
OCT_output(&IssuerCOct);
printf("IssuerCOct ASCII: ");
OCT_output_string(&IssuerCOct);
printf("\n");
#endif
}
if (!strncmp(line, IssuerSTStr, strlen(IssuerSTStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(IssuerSTStr);
OCT_clear(&IssuerSTOct);
OCT_jstring(&IssuerSTOct,linePtr);
IssuerSTOct.len -= 1;
#ifdef DEBUG
printf("IssuerSTOct Hex: ");
OCT_output(&IssuerSTOct);
printf("IssuerSTOct ASCII: ");
OCT_output_string(&IssuerSTOct);
printf("\n");
#endif
}
if (!strncmp(line, IssuerLStr, strlen(IssuerLStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(IssuerLStr);
OCT_clear(&IssuerLOct);
OCT_jstring(&IssuerLOct,linePtr);
IssuerLOct.len -= 1;
#ifdef DEBUG
printf("IssuerLOct Hex: ");
OCT_output(&IssuerLOct);
printf("IssuerLOct ASCII: ");
OCT_output_string(&IssuerLOct);
printf("\n");
#endif
}
if (!strncmp(line, IssuerOStr, strlen(IssuerOStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(IssuerOStr);
OCT_clear(&IssuerOOct);
OCT_jstring(&IssuerOOct,linePtr);
IssuerOOct.len -= 1;
#ifdef DEBUG
printf("IssuerOOct Hex: ");
OCT_output(&IssuerOOct);
printf("IssuerOOct ASCII: ");
OCT_output_string(&IssuerOOct);
printf("\n");
#endif
}
if (!strncmp(line, IssuerOUStr, strlen(IssuerOUStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(IssuerOUStr);
OCT_clear(&IssuerOUOct);
OCT_jstring(&IssuerOUOct,linePtr);
IssuerOUOct.len -= 1;
#ifdef DEBUG
printf("IssuerOUOct Hex: ");
OCT_output(&IssuerOUOct);
printf("IssuerOUOct ASCII: ");
OCT_output_string(&IssuerOUOct);
printf("\n");
#endif
}
if (!strncmp(line, IssuerCNStr, strlen(IssuerCNStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(IssuerCNStr);
OCT_clear(&IssuerCNOct);
OCT_jstring(&IssuerCNOct,linePtr);
IssuerCNOct.len -= 1;
#ifdef DEBUG
printf("IssuerCNOct Hex: ");
OCT_output(&IssuerCNOct);
printf("IssuerCNOct ASCII: ");
OCT_output_string(&IssuerCNOct);
printf("\n");
#endif
}
if (!strncmp(line, IssuerEmailAddressStr, strlen(IssuerEmailAddressStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(IssuerEmailAddressStr);
OCT_clear(&IssuerEmailAddressOct);
OCT_jstring(&IssuerEmailAddressOct,linePtr);
IssuerEmailAddressOct.len -= 1;
#ifdef DEBUG
printf("IssuerEmailAddressOct Hex: ");
OCT_output(&IssuerEmailAddressOct);
printf("IssuerEmailAddressOct ASCII: ");
OCT_output_string(&IssuerEmailAddressOct);
printf("\n");
#endif
}
if (!strncmp(line, SubjectCStr, strlen(SubjectCStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(SubjectCStr);
OCT_clear(&SubjectCOct);
OCT_jstring(&SubjectCOct,linePtr);
SubjectCOct.len -= 1;
#ifdef DEBUG
printf("SubjectCOct Hex: ");
OCT_output(&SubjectCOct);
printf("SubjectCOct ASCII: ");
OCT_output_string(&SubjectCOct);
printf("\n");
#endif
}
if (!strncmp(line, SubjectSTStr, strlen(SubjectSTStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(SubjectSTStr);
OCT_clear(&SubjectSTOct);
OCT_jstring(&SubjectSTOct,linePtr);
SubjectSTOct.len -= 1;
#ifdef DEBUG
printf("SubjectSTOct Hex: ");
OCT_output(&SubjectSTOct);
printf("SubjectSTOct ASCII: ");
OCT_output_string(&SubjectSTOct);
printf("\n");
#endif
}
if (!strncmp(line, SubjectLStr, strlen(SubjectLStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(SubjectLStr);
OCT_clear(&SubjectLOct);
OCT_jstring(&SubjectLOct,linePtr);
SubjectLOct.len -= 1;
#ifdef DEBUG
printf("SubjectLOct Hex: ");
OCT_output(&SubjectLOct);
printf("SubjectLOct ASCII: ");
OCT_output_string(&SubjectLOct);
printf("\n");
#endif
}
if (!strncmp(line, SubjectOStr, strlen(SubjectOStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(SubjectOStr);
OCT_clear(&SubjectOOct);
OCT_jstring(&SubjectOOct,linePtr);
SubjectOOct.len -= 1;
#ifdef DEBUG
printf("SubjectOOct Hex: ");
OCT_output(&SubjectOOct);
printf("SubjectOOct ASCII: ");
OCT_output_string(&SubjectOOct);
printf("\n");
#endif
}
if (!strncmp(line, SubjectOUStr, strlen(SubjectOUStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(SubjectOUStr);
OCT_clear(&SubjectOUOct);
OCT_jstring(&SubjectOUOct,linePtr);
SubjectOUOct.len -= 1;
#ifdef DEBUG
printf("SubjectOUOct Hex: ");
OCT_output(&SubjectOUOct);
printf("SubjectOUOct ASCII: ");
OCT_output_string(&SubjectOUOct);
printf("\n");
#endif
}
if (!strncmp(line, SubjectCNStr, strlen(SubjectCNStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(SubjectCNStr);
OCT_clear(&SubjectCNOct);
OCT_jstring(&SubjectCNOct,linePtr);
SubjectCNOct.len -= 1;
#ifdef DEBUG
printf("SubjectCNOct Hex: ");
OCT_output(&SubjectCNOct);
printf("SubjectCNOct ASCII: ");
OCT_output_string(&SubjectCNOct);
printf("\n");
#endif
}
if (!strncmp(line, SubjectEmailAddressStr, strlen(SubjectEmailAddressStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(SubjectEmailAddressStr);
OCT_clear(&SubjectEmailAddressOct);
OCT_jstring(&SubjectEmailAddressOct,linePtr);
SubjectEmailAddressOct.len -= 1;
#ifdef DEBUG
printf("SubjectEmailAddressOct Hex: ");
OCT_output(&SubjectEmailAddressOct);
printf("SubjectEmailAddressOct ASCII: ");
OCT_output_string(&SubjectEmailAddressOct);
printf("\n");
#endif
}
if (!strncmp(line, vfStr, strlen(vfStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(vfStr);
OCT_clear(&vfOct);
OCT_jstring(&vfOct,linePtr);
vfOct.len -= 1;
#ifdef DEBUG
printf("vfOct Hex: ");
OCT_output(&vfOct);
printf("vfOct ASCII: ");
OCT_output_string(&vfOct);
printf("\n");
#endif
}
if (!strncmp(line, vtStr, strlen(vtStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(vtStr);
OCT_clear(&vtOct);
OCT_jstring(&vtOct,linePtr);
vtOct.len -= 1;
#ifdef DEBUG
printf("vtOct Hex: ");
OCT_output(&vtOct);
printf("vtOct ASCII: ");
OCT_output_string(&vtOct);
printf("\n");
#endif
}
if (!strncmp(line, CERT_PKStr, strlen(CERT_PKStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
// Find hex value in string
linePtr = line + strlen(CERT_PKStr);
// p binary value
l1 = strlen(linePtr)-1;
amcl_hex2bin(linePtr, CERT_PKOct.val, l1);
CERT_PKOct.len = l1/2;
#ifdef DEBUG
printf("CERT_PKOct Hex: ");
OCT_output(&CERT_PKOct);
printf("\n");
#endif
}
// Self-Signed CA cert
if (!strncmp(line, CAStr, strlen(CAStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
// Find base64 value in string
char io[5000];
octet IO= {0,sizeof(io),io};
linePtr = line + strlen(CAStr);
l1 = strlen(linePtr);
char* ca_b64 = (char*) calloc (l1,sizeof(char));
strncpy(ca_b64,linePtr,l1-1);
OCT_frombase64(&IO,ca_b64);
#ifdef DEBUG
printf("CA Self-Signed Cert: \n");
OCT_output(&IO);
printf("\n");
#endif
free(ca_b64);
ca_b64 = NULL;
// returns signature type
st=X509_extract_cert_sig(&IO,&SIG);
if (st.type==0)
{
printf("Unable to extract self-signed cert signature\r\n");
}
if (st.type==ECC)
{
OCT_chop(&SIG,&S,SIG.len/2);
OCT_copy(&R,&SIG);
// printf("SIG: ");
// OCT_output(&R);
// printf("\r\n");
// OCT_output(&S);
// printf("\r\n");
}
if (st.type==RSA)
{
//printf("SIG: ");
//OCT_output(&SIG);
//printf("\r\n");
}
// Extract Cert from signed Cert
X509_extract_cert(&IO,&H);
ca=X509_extract_public_key(&H,&CAKEY);
if (ca.type==0)
{
printf("Not supported by library\n");
exit(EXIT_FAILURE);
}
if (ca.type!=st.type)
{
printf("Not self-signed\n");
exit(EXIT_FAILURE);
}
if (ca.type==ECC)
{
// printf("EXTRACTED ECC CA PUBLIC KEY: ");
// OCT_output(&CAKEY);
// printf("\n");
}
if (ca.type==RSA)
{
// printf("EXTRACTED RSA CA PUBLIC KEY: ");
// OCT_output(&CAKEY);
// printf("\n");
}
// Cert is self-signed - so check signature
// printf("Checking Self-Signed Signature\r\n");
if (ca.type==ECC)
{
// if (ca.curve!=CHOICE)
// {
// printf("TEST X509 ERROR CURVE IS NOT SUPPORTED LINE %d\n",i);
// exit(EXIT_FAILURE);
// }
int res=ECP_ZZZ_PUBLIC_KEY_VALIDATE(&CAKEY);
if (res!=0)
{
printf("TEST X509 ERROR PUBLIC KEY IS INVALID LINE %d\n",i);
exit(EXIT_FAILURE);
}
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("TEST X509 ERROR HASH FUNCTION NOT SUPPORTED LINE %d\n",i);
exit(EXIT_FAILURE);
}
if (ECP_ZZZ_VP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
{
printf("X509 ERROR ECDSA VERIFICATION FAILED LINE %d\n",i);
exit(EXIT_FAILURE);
}
}
if (ca.type==RSA)
{
PK.e=65537; // assuming this!
FF_WWW_fromOctet(PK.n,&CAKEY,FFLEN_WWW);
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("TEST X509 ERROR Hash Function not supported LINE %d\n",i);
exit(EXIT_FAILURE);
}
PKCS15(sha,&H,&HP);
RSA_WWW_ENCRYPT(&PK,&SIG,&HH);
if (!OCT_comp(&HP,&HH))
{
printf("TEST X509 ERROR RSA VERIFICATION FAILED LINE %d\n",i);
exit(EXIT_FAILURE);
}
}
}
/////////// CA Signed cert /////////////////
if (!strncmp(line, CERTStr, strlen(CERTStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
// Find base64 value in string
char io[5000];
octet IO= {0,sizeof(io),io};
linePtr = line + strlen(CERTStr);
l1 = strlen(linePtr);
char* cert_b64 = (char*) calloc (l1,sizeof(char));
strncpy(cert_b64,linePtr,l1-1);
OCT_frombase64(&IO,cert_b64);
#ifdef DEBUG
printf("CA Signed Cert: \n");
OCT_output(&IO);
printf("\n");
#endif
free(cert_b64);
cert_b64 = NULL;
// returns signature type
st=X509_extract_cert_sig(&IO,&SIG);
if (st.type==0)
{
printf("TEST X509 ERROR UNABLE TO CHECK CERT SIGNATURE LINE %d\n",i);
exit(EXIT_FAILURE);
}
if (st.type==ECC)
{
OCT_chop(&SIG,&S,SIG.len/2);
OCT_copy(&R,&SIG);
#ifdef DEBUG
printf("ECC SIG: ");
OCT_output(&R);
printf("\r\n");
OCT_output(&S);
printf("\r\n");
#endif
}
#ifdef DEBUG
if (st.type==RSA)
{
printf("RSA SIG: ");
OCT_output(&SIG);
printf("\r\n");
}
#endif
// Extract Cert
int c;
c=X509_extract_cert(&IO,&H);
#ifdef DEBUG
printf("Cert: ");
OCT_output(&H);
printf("\n");
#endif
// Check Details
int ic,len;
// Issuer Details
ic=X509_find_issuer(&H);
c=X509_find_entity_property(&H,&CN,ic,&len);
#ifdef DEBUG
print_out("countryName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&IssuerCOct,c))
{
printf("TEST X509 ERROR IssuerC LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&SN,ic,&len);
#ifdef DEBUG
print_out("stateOrProvinceName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&IssuerSTOct,c))
{
printf("TEST X509 ERROR IssuerST LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&LN,ic,&len);
#ifdef DEBUG
print_out("localityName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&IssuerLOct,c))
{
printf("TEST X509 ERROR IssuerL LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&ON,ic,&len);
#ifdef DEBUG
print_out("organizationName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&IssuerOOct,c))
{
printf("TEST X509 ERROR IssuerO LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&UN,ic,&len);
#ifdef DEBUG
print_out("organizationalUnitName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&IssuerOUOct,c))
{
printf("TEST X509 ERROR IssuerOU LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&MN,ic,&len);
#ifdef DEBUG
print_out("commonName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&IssuerCNOct,c))
{
printf("TEST X509 ERROR IssuerCN LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&EN,ic,&len);
#ifdef DEBUG
print_out("emailAddress: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&IssuerEmailAddressOct,c))
{
printf("TEST X509 ERROR IssuerEmailAddress LINE %d\n",i);
exit(EXIT_FAILURE);
}
// Subject details
#ifdef DEBUG
printf("Subject Details\n");
#endif
ic=X509_find_subject(&H);
c=X509_find_entity_property(&H,&CN,ic,&len);
#ifdef DEBUG
print_out("countryName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&SubjectCOct,c))
{
printf("TEST X509 ERROR SubjectC LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&SN,ic,&len);
#ifdef DEBUG
print_out("stateOrProvinceName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&SubjectSTOct,c))
{
printf("TEST X509 ERROR SubjectST LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&LN,ic,&len);
#ifdef DEBUG
print_out("localityName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&SubjectLOct,c))
{
printf("TEST X509 ERROR SubjectL LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&ON,ic,&len);
#ifdef DEBUG
print_out("organizationName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&SubjectOOct,c))
{
printf("TEST X509 ERROR SubjectO LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&UN,ic,&len);
#ifdef DEBUG
print_out("organizationalUnitName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&SubjectOUOct,c))
{
printf("TEST X509 ERROR SubjectOU LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&MN,ic,&len);
#ifdef DEBUG
print_out("commonName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&SubjectCNOct,c))
{
printf("TEST X509 ERROR SubjectCN LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&EN,ic,&len);
#ifdef DEBUG
print_out("emailAddress: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&SubjectEmailAddressOct,c))
{
printf("TEST X509 ERROR SubjectEmailAddress LINE %d\n",i);
exit(EXIT_FAILURE);
}
ic=X509_find_validity(&H);
c=X509_find_start_date(&H,ic);
#ifdef DEBUG
print_date("start date: ",&H,c);
printf("\n");
#endif
if (!compare_data(&H,&vfOct,c))
{
printf("TEST X509 ERROR VALID FROM LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_expiry_date(&H,ic);
#ifdef DEBUG
print_date("expiry date: ",&H,c);
printf("\n");
#endif
if (!compare_data(&H,&vtOct,c))
{
printf("TEST X509 ERROR VALID TO LINE %d\n",i);
exit(EXIT_FAILURE);
}
pt=X509_extract_public_key(&H,&CERTKEY);
if (pt.type==0)
{
printf("TEST X509 ERROR NOT SUPPORTED BY LIBRARY LINE %d\n",i);
exit(EXIT_FAILURE);
}
#ifdef DEBUG
if (pt.type==ECC)
{
printf("EXTRACTED ECC PUBLIC KEY: ");
OCT_output(&CERTKEY);
printf("\n");
}
if (pt.type==RSA)
{
printf("EXTRACTED RSA PUBLIC KEY: ");
OCT_output(&CERTKEY);
printf("\n");
}
#endif
if (!compare_data(&CERTKEY,&CERT_PKOct,0))
{
printf("TEST X509 ERROR CERT PUBLIC KEY LINE %d\n",i);
exit(EXIT_FAILURE);
}
// Check CA signature
// printf("Checking CA Signed Signature\n");
#ifdef DEBUG
printf("CA PUBLIC KEY: ");
OCT_output(&CAKEY);
printf("\n");
#endif
if (ca.type==ECC)
{
// if (ca.curve!=CHOICE)
// {
// printf("TEST X509 ERROR CURVE IS NOT SUPPORTED LINE %d\n",i);
// exit(EXIT_FAILURE);
// }
int res=ECP_ZZZ_PUBLIC_KEY_VALIDATE(&CAKEY);
if (res!=0)
{
printf("TEST X509 ERROR PUBLIC KEY IS INVALID LINE %d\n",i);
exit(EXIT_FAILURE);
}
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("TEST X509 ERROR HASH FUNCTION NOT SUPPORTED LINE %d\n",i);
exit(EXIT_FAILURE);
}
if (ECP_ZZZ_VP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
{
printf("X509 ERROR ECDSA VERIFICATION FAILED LINE %d\n",i);
exit(EXIT_FAILURE);
}
}
if (ca.type==RSA)
{
PK.e=65537; // assuming this!
FF_WWW_fromOctet(PK.n,&CAKEY,FFLEN_WWW);
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("TEST X509 ERROR Hash Function not supported LINE %d\n",i);
exit(EXIT_FAILURE);
}
PKCS15(sha,&H,&HP);
RSA_WWW_ENCRYPT(&PK,&SIG,&HH);
if (!OCT_comp(&HP,&HH))
{
printf("TEST X509 ERROR RSA VERIFICATION FAILED LINE %d\n",i);
exit(EXIT_FAILURE);
}
}
}
}
fclose(fp);
if (!readLine)
{
printf("X509 ERROR Empty test vector file\n");
exit(EXIT_FAILURE);
}
printf("SUCCESS TEST X509 PASSED\n");
exit(EXIT_SUCCESS);
}