Merge branch 'parse-ec-crt' into development
This commit is contained in:
commit
de9f9efc2e
19 changed files with 743 additions and 878 deletions
|
@ -212,6 +212,19 @@ int asn1_get_int( unsigned char **p,
|
||||||
int asn1_get_bitstring( unsigned char **p, const unsigned char *end,
|
int asn1_get_bitstring( unsigned char **p, const unsigned char *end,
|
||||||
asn1_bitstring *bs);
|
asn1_bitstring *bs);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Retrieve a bitstring ASN.1 tag without unused bits and its value.
|
||||||
|
* Updates the pointer to the beginning of the bit/octet string.
|
||||||
|
*
|
||||||
|
* \param p The position in the ASN.1 data
|
||||||
|
* \param end End of data
|
||||||
|
* \param len Length of the actual bit/octect string in bytes
|
||||||
|
*
|
||||||
|
* \return 0 if successful or a specific ASN.1 error code.
|
||||||
|
*/
|
||||||
|
int asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
|
||||||
|
size_t *len );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Parses and splits an ASN.1 "SEQUENCE OF <tag>"
|
* Parses and splits an ASN.1 "SEQUENCE OF <tag>"
|
||||||
* Updated the pointer to immediately behind the full sequence tag.
|
* Updated the pointer to immediately behind the full sequence tag.
|
||||||
|
|
|
@ -95,18 +95,12 @@ ecp_group;
|
||||||
* \brief ECP key pair structure
|
* \brief ECP key pair structure
|
||||||
*
|
*
|
||||||
* A generic key pair that could be used for ECDSA, fixed ECDH, etc.
|
* A generic key pair that could be used for ECDSA, fixed ECDH, etc.
|
||||||
* Usage can be restricted to a particular algorithm by the 'alg' field,
|
|
||||||
* see POLARSSL_ECP_KEY_ALG_* constants (default: unrestricted).
|
|
||||||
*
|
|
||||||
* \sa ecdh_context
|
|
||||||
* \sa ecdsa_context
|
|
||||||
*/
|
*/
|
||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
ecp_group grp; /*!< Elliptic curve and base point */
|
ecp_group grp; /*!< Elliptic curve and base point */
|
||||||
mpi d; /*!< our secret value */
|
mpi d; /*!< our secret value */
|
||||||
ecp_point Q; /*!< our public value */
|
ecp_point Q; /*!< our public value */
|
||||||
int alg; /*!< algorithm to use this key with */
|
|
||||||
}
|
}
|
||||||
ecp_keypair;
|
ecp_keypair;
|
||||||
|
|
||||||
|
@ -121,8 +115,10 @@ ecp_keypair;
|
||||||
* parameters. Therefore, only well-known domain parameters from trusted
|
* parameters. Therefore, only well-known domain parameters from trusted
|
||||||
* sources should be used. See ecp_use_known_dp().
|
* sources should be used. See ecp_use_known_dp().
|
||||||
*
|
*
|
||||||
* \note The values are taken from RFC 4492's enum NamedCurve.
|
* \note The values are taken from RFC 4492's enum NamedCurve,
|
||||||
|
* except NONE which is used to denote uninitialized groups.
|
||||||
*/
|
*/
|
||||||
|
#define POLARSSL_ECP_DP_NONE 0
|
||||||
#define POLARSSL_ECP_DP_SECP192R1 19
|
#define POLARSSL_ECP_DP_SECP192R1 19
|
||||||
#define POLARSSL_ECP_DP_SECP224R1 21
|
#define POLARSSL_ECP_DP_SECP224R1 21
|
||||||
#define POLARSSL_ECP_DP_SECP256R1 23
|
#define POLARSSL_ECP_DP_SECP256R1 23
|
||||||
|
@ -158,12 +154,6 @@ ecp_keypair;
|
||||||
*/
|
*/
|
||||||
#define POLARSSL_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */
|
#define POLARSSL_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */
|
||||||
|
|
||||||
/*
|
|
||||||
* Algorithm identifiers from RFC 5480 for use with EC keys
|
|
||||||
*/
|
|
||||||
#define POLARSSL_ECP_KEY_ALG_UNRESTRICTED 0 /**< RFC 5480 2.1.1 */
|
|
||||||
#define POLARSSL_ECP_KEY_ALG_ECDH 1 /**< RFC 5480 2.1.2 */
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -276,6 +276,36 @@
|
||||||
* iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
|
* iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
|
||||||
#define OID_EC_GRP_SECP521R1 OID_CERTICOM "\x00\x23"
|
#define OID_EC_GRP_SECP521R1 OID_CERTICOM "\x00\x23"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* ECDSA signature identifers, from RFC 5480
|
||||||
|
*/
|
||||||
|
#define OID_ANSI_X9_62_SIG OID_ANSI_X9_62 "\x04" /* signatures(4) */
|
||||||
|
#define OID_ANSI_X9_62_SIG_SHA2 OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
|
||||||
|
|
||||||
|
/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
|
||||||
|
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
|
||||||
|
#define OID_ECDSA_SHA1 OID_ANSI_X9_62_SIG "\x01"
|
||||||
|
|
||||||
|
/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
|
||||||
|
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
|
||||||
|
* ecdsa-with-SHA2(3) 1 } */
|
||||||
|
#define OID_ECDSA_SHA224 OID_ANSI_X9_62_SIG_SHA2 "\x01"
|
||||||
|
|
||||||
|
/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
|
||||||
|
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
|
||||||
|
* ecdsa-with-SHA2(3) 2 } */
|
||||||
|
#define OID_ECDSA_SHA256 OID_ANSI_X9_62_SIG_SHA2 "\x02"
|
||||||
|
|
||||||
|
/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
|
||||||
|
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
|
||||||
|
* ecdsa-with-SHA2(3) 3 } */
|
||||||
|
#define OID_ECDSA_SHA384 OID_ANSI_X9_62_SIG_SHA2 "\x03"
|
||||||
|
|
||||||
|
/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
|
||||||
|
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
|
||||||
|
* ecdsa-with-SHA2(3) 4 } */
|
||||||
|
#define OID_ECDSA_SHA512 OID_ANSI_X9_62_SIG_SHA2 "\x04"
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -27,7 +27,35 @@
|
||||||
#ifndef POLARSSL_PK_H
|
#ifndef POLARSSL_PK_H
|
||||||
#define POLARSSL_PK_H
|
#define POLARSSL_PK_H
|
||||||
|
|
||||||
|
#include "config.h"
|
||||||
|
|
||||||
|
#if defined(POLARSSL_RSA_C)
|
||||||
|
#include "rsa.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
#define POLARSSL_ERR_PK_MALLOC_FAILED -0x2F80 /**< Memory alloation failed. */
|
#define POLARSSL_ERR_PK_MALLOC_FAILED -0x2F80 /**< Memory alloation failed. */
|
||||||
|
#define POLARSSL_ERR_PK_TYPE_MISMATCH -0x2F00 /**< Type mismatch, eg attempt to use a RSA key as EC, or to modify key type */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_RSA_C)
|
||||||
|
/**
|
||||||
|
* Quick access to an RSA context inside a PK context.
|
||||||
|
*
|
||||||
|
* \warning You must make sure the PK context actually holds an RSA context
|
||||||
|
* before using this macro!
|
||||||
|
*/
|
||||||
|
#define pk_rsa( pk ) ( (rsa_context *) (pk).data )
|
||||||
|
#endif /* POLARSSL_RSA_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ECP_C)
|
||||||
|
/**
|
||||||
|
* Quick access to an EC context inside a PK context.
|
||||||
|
*
|
||||||
|
* \warning You must make sure the PK context actually holds an EC context
|
||||||
|
* before using this macro!
|
||||||
|
*/
|
||||||
|
#define pk_ec( pk ) ( (ecp_keypair *) (pk).data )
|
||||||
|
#endif /* POLARSSL_ECP_C */
|
||||||
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
|
@ -38,13 +66,10 @@ extern "C" {
|
||||||
*/
|
*/
|
||||||
typedef enum {
|
typedef enum {
|
||||||
POLARSSL_PK_NONE=0,
|
POLARSSL_PK_NONE=0,
|
||||||
#if defined(POLARSSL_RSA_C)
|
|
||||||
POLARSSL_PK_RSA,
|
POLARSSL_PK_RSA,
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_ECP_C)
|
|
||||||
POLARSSL_PK_ECKEY,
|
POLARSSL_PK_ECKEY,
|
||||||
POLARSSL_PK_ECKEY_DH,
|
POLARSSL_PK_ECKEY_DH,
|
||||||
#endif
|
POLARSSL_PK_ECDSA,
|
||||||
} pk_type_t;
|
} pk_type_t;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -54,6 +79,7 @@ typedef struct
|
||||||
{
|
{
|
||||||
pk_type_t type; /**< Public key type */
|
pk_type_t type; /**< Public key type */
|
||||||
void * data; /**< Public key data */
|
void * data; /**< Public key data */
|
||||||
|
int dont_free; /**< True if data must not be freed */
|
||||||
} pk_context;
|
} pk_context;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -72,10 +98,30 @@ void pk_free( pk_context *ctx );
|
||||||
* \param ctx Context to initialize
|
* \param ctx Context to initialize
|
||||||
* \param type Type of key
|
* \param type Type of key
|
||||||
*
|
*
|
||||||
* \return O on success, or POLARSSL_ERR_PK_MALLOC_FAILED
|
* \note Once the type of a key has been set, it cannot be reset.
|
||||||
|
* If you want to do so, you need to use pk_free() first.
|
||||||
|
*
|
||||||
|
* \return O on success,
|
||||||
|
* POLARSSL_ERR_PK_MALLOC_FAILED on memory allocation fail,
|
||||||
|
* POLARSSL_ERR_PK_TYPE_MISMATCH on attempts to reset type.
|
||||||
*/
|
*/
|
||||||
int pk_set_type( pk_context *ctx, pk_type_t type );
|
int pk_set_type( pk_context *ctx, pk_type_t type );
|
||||||
|
|
||||||
|
#if defined(POLARSSL_RSA_C)
|
||||||
|
/**
|
||||||
|
* \brief Wrap a RSA context in a PK context
|
||||||
|
*
|
||||||
|
* \param ctx PK context to initiliaze
|
||||||
|
* \param rsa RSA context to use
|
||||||
|
*
|
||||||
|
* \note The PK context must be freshly initialized.
|
||||||
|
*
|
||||||
|
* \return O on success,
|
||||||
|
* POLARSSL_ERR_PK_TYPE_MISMATCH if ctx was not empty.
|
||||||
|
*/
|
||||||
|
int pk_wrap_rsa( pk_context *ctx, const rsa_context *rsa);
|
||||||
|
#endif /* POLARSSL_RSA_C */
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -211,8 +211,7 @@ typedef struct _x509_cert
|
||||||
x509_time valid_from; /**< Start time of certificate validity. */
|
x509_time valid_from; /**< Start time of certificate validity. */
|
||||||
x509_time valid_to; /**< End time of certificate validity. */
|
x509_time valid_to; /**< End time of certificate validity. */
|
||||||
|
|
||||||
x509_buf pk_oid; /**< Subject public key info. Includes the public key algorithm and the key itself. */
|
pk_context pk; /**< Container for the public key context. */
|
||||||
rsa_context rsa; /**< Container for the RSA context. Only RSA is supported for public keys at this time. */
|
|
||||||
|
|
||||||
x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
|
x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
|
||||||
x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
|
x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
|
||||||
|
@ -417,6 +416,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen );
|
||||||
*/
|
*/
|
||||||
int x509parse_crlfile( x509_crl *chain, const char *path );
|
int x509parse_crlfile( x509_crl *chain, const char *path );
|
||||||
|
|
||||||
|
#if defined(POLARSSL_RSA_C)
|
||||||
/** \ingroup x509_module */
|
/** \ingroup x509_module */
|
||||||
/**
|
/**
|
||||||
* \brief Parse a private RSA key
|
* \brief Parse a private RSA key
|
||||||
|
@ -469,6 +469,7 @@ int x509parse_public_key_rsa( rsa_context *rsa,
|
||||||
* \return 0 if successful, or a specific X509 or PEM error code
|
* \return 0 if successful, or a specific X509 or PEM error code
|
||||||
*/
|
*/
|
||||||
int x509parse_public_keyfile_rsa( rsa_context *rsa, const char *path );
|
int x509parse_public_keyfile_rsa( rsa_context *rsa, const char *path );
|
||||||
|
#endif /* POLARSSL_RSA_C */
|
||||||
|
|
||||||
/** \ingroup x509_module */
|
/** \ingroup x509_module */
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -209,6 +209,24 @@ int asn1_get_bitstring( unsigned char **p, const unsigned char *end,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Get a bit string without unused bits
|
||||||
|
*/
|
||||||
|
int asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
|
||||||
|
size_t *len )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
if( ( ret = asn1_get_tag( p, end, len, ASN1_BIT_STRING ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
if( --*len < 1 || *(*p)++ != 0 )
|
||||||
|
return( POLARSSL_ERR_ASN1_INVALID_DATA );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Parses and splits an ASN.1 "SEQUENCE OF <tag>"
|
* Parses and splits an ASN.1 "SEQUENCE OF <tag>"
|
||||||
|
|
|
@ -250,11 +250,25 @@ void debug_print_crt( const ssl_context *ssl, int level,
|
||||||
str[maxlen] = '\0';
|
str[maxlen] = '\0';
|
||||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||||
|
|
||||||
|
#if defined(POLARSSL_RSA_C)
|
||||||
|
if( crt->pk.type == POLARSSL_PK_RSA )
|
||||||
|
{
|
||||||
debug_print_mpi( ssl, level, file, line,
|
debug_print_mpi( ssl, level, file, line,
|
||||||
"crt->rsa.N", &crt->rsa.N );
|
"crt->rsa.N", &pk_rsa( crt->pk )->N );
|
||||||
|
|
||||||
debug_print_mpi( ssl, level, file, line,
|
debug_print_mpi( ssl, level, file, line,
|
||||||
"crt->rsa.E", &crt->rsa.E );
|
"crt->rsa.E", &pk_rsa( crt->pk )->E );
|
||||||
|
} else
|
||||||
|
#endif /* POLARSSL_RSA_C */
|
||||||
|
#if defined(POLARSSL_ECP_C)
|
||||||
|
if( crt->pk.type == POLARSSL_PK_ECKEY ||
|
||||||
|
crt->pk.type == POLARSSL_PK_ECKEY_DH )
|
||||||
|
{
|
||||||
|
debug_print_ecp( ssl, level, file, line,
|
||||||
|
"crt->eckey.Q", &pk_ec( crt->pk )->Q );
|
||||||
|
} else
|
||||||
|
#endif /* POLARSSL_ECP_C */
|
||||||
|
debug_print_msg( ssl, level, file, line,
|
||||||
|
"crt->pk.type is not valid" );
|
||||||
|
|
||||||
crt = crt->next;
|
crt = crt->next;
|
||||||
}
|
}
|
||||||
|
|
|
@ -101,7 +101,6 @@ void ecp_keypair_init( ecp_keypair *key )
|
||||||
ecp_group_init( &key->grp );
|
ecp_group_init( &key->grp );
|
||||||
mpi_init( &key->d );
|
mpi_init( &key->d );
|
||||||
ecp_point_init( &key->Q );
|
ecp_point_init( &key->Q );
|
||||||
key->alg = POLARSSL_ECP_KEY_ALG_UNRESTRICTED;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -142,7 +141,6 @@ void ecp_keypair_free( ecp_keypair *key )
|
||||||
ecp_group_free( &key->grp );
|
ecp_group_free( &key->grp );
|
||||||
mpi_free( &key->d );
|
mpi_free( &key->d );
|
||||||
ecp_point_free( &key->Q );
|
ecp_point_free( &key->Q );
|
||||||
key->alg = POLARSSL_ECP_KEY_ALG_UNRESTRICTED;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -250,6 +250,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
|
||||||
#if defined(POLARSSL_PK_C)
|
#if defined(POLARSSL_PK_C)
|
||||||
if( use_ret == -(POLARSSL_ERR_PK_MALLOC_FAILED) )
|
if( use_ret == -(POLARSSL_ERR_PK_MALLOC_FAILED) )
|
||||||
snprintf( buf, buflen, "PK - Memory alloation failed" );
|
snprintf( buf, buflen, "PK - Memory alloation failed" );
|
||||||
|
if( use_ret == -(POLARSSL_ERR_PK_TYPE_MISMATCH) )
|
||||||
|
snprintf( buf, buflen, "PK - Type mismatch, eg attempt to use a RSA key as EC, or to modify key type" );
|
||||||
#endif /* POLARSSL_PK_C */
|
#endif /* POLARSSL_PK_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_PKCS12_C)
|
#if defined(POLARSSL_PKCS12_C)
|
||||||
|
|
|
@ -298,6 +298,26 @@ static const oid_sig_alg_t oid_sig_alg[] =
|
||||||
{ OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1" },
|
{ OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1" },
|
||||||
POLARSSL_MD_SHA1, POLARSSL_PK_RSA,
|
POLARSSL_MD_SHA1, POLARSSL_PK_RSA,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
{ OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1" },
|
||||||
|
POLARSSL_MD_SHA1, POLARSSL_PK_ECDSA,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
{ OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224" },
|
||||||
|
POLARSSL_MD_SHA224, POLARSSL_PK_ECDSA,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
{ OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256" },
|
||||||
|
POLARSSL_MD_SHA256, POLARSSL_PK_ECDSA,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
{ OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384" },
|
||||||
|
POLARSSL_MD_SHA384, POLARSSL_PK_ECDSA,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
{ OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512" },
|
||||||
|
POLARSSL_MD_SHA512, POLARSSL_PK_ECDSA,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
{ NULL, NULL, NULL },
|
{ NULL, NULL, NULL },
|
||||||
0, 0,
|
0, 0,
|
||||||
|
@ -571,8 +591,7 @@ int oid_get_numeric_string( char *buf, size_t size,
|
||||||
for( i = 1; i < oid->len; i++ )
|
for( i = 1; i < oid->len; i++ )
|
||||||
{
|
{
|
||||||
/* Prevent overflow in value. */
|
/* Prevent overflow in value. */
|
||||||
unsigned int v = value << 7;
|
if ( ( ( value << 7 ) >> 7 ) != value )
|
||||||
if ( v < value )
|
|
||||||
return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
|
return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
|
||||||
|
|
||||||
value <<= 7;
|
value <<= 7;
|
||||||
|
|
74
library/pk.c
74
library/pk.c
|
@ -33,6 +33,9 @@
|
||||||
#if defined(POLARSSL_ECP_C)
|
#if defined(POLARSSL_ECP_C)
|
||||||
#include "polarssl/ecp.h"
|
#include "polarssl/ecp.h"
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(POLARSSL_ECDSA_C)
|
||||||
|
#include "polarssl/ecdsa.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
|
||||||
|
@ -46,6 +49,7 @@ void pk_init( pk_context *ctx )
|
||||||
|
|
||||||
ctx->type = POLARSSL_PK_NONE;
|
ctx->type = POLARSSL_PK_NONE;
|
||||||
ctx->data = NULL;
|
ctx->data = NULL;
|
||||||
|
ctx->dont_free = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -56,25 +60,26 @@ void pk_free( pk_context *ctx )
|
||||||
if( ctx == NULL )
|
if( ctx == NULL )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
switch( ctx->type )
|
|
||||||
{
|
|
||||||
case POLARSSL_PK_NONE:
|
|
||||||
break;
|
|
||||||
|
|
||||||
#if defined(POLARSSL_RSA_C)
|
#if defined(POLARSSL_RSA_C)
|
||||||
case POLARSSL_PK_RSA:
|
if( ctx->type == POLARSSL_PK_RSA )
|
||||||
rsa_free( ctx->data );
|
rsa_free( ctx->data );
|
||||||
break;
|
else
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_ECP_C)
|
#if defined(POLARSSL_ECP_C)
|
||||||
case POLARSSL_PK_ECKEY:
|
if( ctx->type == POLARSSL_PK_ECKEY || ctx->type == POLARSSL_PK_ECKEY_DH )
|
||||||
case POLARSSL_PK_ECKEY_DH:
|
|
||||||
ecp_keypair_free( ctx->data );
|
ecp_keypair_free( ctx->data );
|
||||||
break;
|
else
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(POLARSSL_ECDSA_C)
|
||||||
|
if( ctx->type == POLARSSL_PK_ECDSA )
|
||||||
|
ecdsa_free( ctx->data );
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
; /* guard for the else's above */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( ! ctx->dont_free )
|
||||||
free( ctx->data );
|
free( ctx->data );
|
||||||
|
|
||||||
ctx->type = POLARSSL_PK_NONE;
|
ctx->type = POLARSSL_PK_NONE;
|
||||||
|
@ -86,26 +91,30 @@ void pk_free( pk_context *ctx )
|
||||||
*/
|
*/
|
||||||
int pk_set_type( pk_context *ctx, pk_type_t type )
|
int pk_set_type( pk_context *ctx, pk_type_t type )
|
||||||
{
|
{
|
||||||
size_t size = 0;
|
size_t size;
|
||||||
|
|
||||||
|
if( ctx->type == type )
|
||||||
|
return( 0 );
|
||||||
|
|
||||||
|
if( ctx->type != POLARSSL_PK_NONE )
|
||||||
|
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
|
||||||
|
|
||||||
switch( type )
|
|
||||||
{
|
|
||||||
#if defined(POLARSSL_RSA_C)
|
#if defined(POLARSSL_RSA_C)
|
||||||
case POLARSSL_PK_RSA:
|
if( type == POLARSSL_PK_RSA )
|
||||||
size = sizeof( rsa_context );
|
size = sizeof( rsa_context );
|
||||||
break;
|
else
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_ECP_C)
|
#if defined(POLARSSL_ECP_C)
|
||||||
case POLARSSL_PK_ECKEY:
|
if( type == POLARSSL_PK_ECKEY || type == POLARSSL_PK_ECKEY_DH )
|
||||||
case POLARSSL_PK_ECKEY_DH:
|
|
||||||
size = sizeof( ecp_keypair );
|
size = sizeof( ecp_keypair );
|
||||||
break;
|
else
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(POLARSSL_ECDSA_C)
|
||||||
case POLARSSL_PK_NONE:
|
if( type == POLARSSL_PK_ECDSA )
|
||||||
; /* Should not happen */
|
size = sizeof( ecdsa_context );
|
||||||
}
|
else
|
||||||
|
#endif
|
||||||
|
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
|
||||||
|
|
||||||
if( ( ctx->data = malloc( size ) ) == NULL )
|
if( ( ctx->data = malloc( size ) ) == NULL )
|
||||||
return( POLARSSL_ERR_PK_MALLOC_FAILED );
|
return( POLARSSL_ERR_PK_MALLOC_FAILED );
|
||||||
|
@ -115,3 +124,20 @@ int pk_set_type( pk_context *ctx, pk_type_t type )
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_RSA_C)
|
||||||
|
/*
|
||||||
|
* Wrap an RSA context in a PK context
|
||||||
|
*/
|
||||||
|
int pk_wrap_rsa( pk_context *ctx, const rsa_context *rsa)
|
||||||
|
{
|
||||||
|
if( ctx->type != POLARSSL_PK_NONE )
|
||||||
|
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
|
||||||
|
|
||||||
|
ctx->type = POLARSSL_PK_RSA;
|
||||||
|
ctx->data = (rsa_context *) rsa;
|
||||||
|
ctx->dont_free = 1;
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
|
@ -1072,8 +1072,12 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* EC NOT IMPLEMENTED YET */
|
||||||
|
if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
|
||||||
|
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
if( (unsigned int)( end - p ) !=
|
if( (unsigned int)( end - p ) !=
|
||||||
ssl->session_negotiate->peer_cert->rsa.len )
|
pk_rsa( ssl->session_negotiate->peer_cert->pk )->len )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||||
|
@ -1139,9 +1143,9 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
||||||
|
|
||||||
SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
|
SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
|
||||||
|
|
||||||
if( ( ret = rsa_pkcs1_verify( &ssl->session_negotiate->peer_cert->rsa,
|
if( ( ret = rsa_pkcs1_verify(
|
||||||
RSA_PUBLIC,
|
pk_rsa( ssl->session_negotiate->peer_cert->pk ),
|
||||||
md_alg, hashlen, hash, p ) ) != 0 )
|
RSA_PUBLIC, md_alg, hashlen, hash, p ) ) != 0 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
|
SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -1516,8 +1520,12 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
|
/* EC NOT IMPLEMENTED YET */
|
||||||
|
if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
|
||||||
|
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
i = 4;
|
i = 4;
|
||||||
n = ssl->session_negotiate->peer_cert->rsa.len;
|
n = pk_rsa( ssl->session_negotiate->peer_cert->pk )->len;
|
||||||
|
|
||||||
if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
|
if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
|
||||||
{
|
{
|
||||||
|
@ -1526,11 +1534,10 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
||||||
ssl->out_msg[5] = (unsigned char)( n );
|
ssl->out_msg[5] = (unsigned char)( n );
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = rsa_pkcs1_encrypt( &ssl->session_negotiate->peer_cert->rsa,
|
ret = rsa_pkcs1_encrypt(
|
||||||
ssl->f_rng, ssl->p_rng,
|
pk_rsa( ssl->session_negotiate->peer_cert->pk ),
|
||||||
RSA_PUBLIC,
|
ssl->f_rng, ssl->p_rng, RSA_PUBLIC,
|
||||||
ssl->handshake->pmslen,
|
ssl->handshake->pmslen, ssl->handshake->premaster,
|
||||||
ssl->handshake->premaster,
|
|
||||||
ssl->out_msg + i );
|
ssl->out_msg + i );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
|
|
|
@ -1968,7 +1968,11 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
|
||||||
md_alg = POLARSSL_MD_NONE;
|
md_alg = POLARSSL_MD_NONE;
|
||||||
}
|
}
|
||||||
|
|
||||||
n1 = ssl->session_negotiate->peer_cert->rsa.len;
|
/* EC NOT IMPLEMENTED YET */
|
||||||
|
if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
|
||||||
|
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
|
n1 = pk_rsa( ssl->session_negotiate->peer_cert->pk )->len;
|
||||||
n2 = ( ssl->in_msg[4 + n] << 8 ) | ssl->in_msg[5 + n];
|
n2 = ( ssl->in_msg[4 + n] << 8 ) | ssl->in_msg[5 + n];
|
||||||
|
|
||||||
if( n + n1 + 6 != ssl->in_hslen || n1 != n2 )
|
if( n + n1 + 6 != ssl->in_hslen || n1 != n2 )
|
||||||
|
@ -1977,8 +1981,9 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
|
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = rsa_pkcs1_verify( &ssl->session_negotiate->peer_cert->rsa, RSA_PUBLIC,
|
ret = rsa_pkcs1_verify( pk_rsa( ssl->session_negotiate->peer_cert->pk ),
|
||||||
md_alg, hashlen, hash, ssl->in_msg + 6 + n );
|
RSA_PUBLIC, md_alg, hashlen, hash,
|
||||||
|
ssl->in_msg + 6 + n );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
|
SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
|
||||||
|
|
1212
library/x509parse.c
1212
library/x509parse.c
File diff suppressed because it is too large
Load diff
|
@ -206,19 +206,28 @@ int main( int argc, char *argv[] )
|
||||||
printf( " ok\n" );
|
printf( " ok\n" );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 1.5. Verify certificate validity with private key
|
* 1.6. Verify certificate validity with private key
|
||||||
*/
|
*/
|
||||||
printf( " . Verify the client certificate with private key..." );
|
printf( " . Verify the client certificate with private key..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
ret = mpi_cmp_mpi(&rsa.N, &clicert.rsa.N);
|
|
||||||
|
/* EC NOT IMPLEMENTED YET */
|
||||||
|
if( clicert.pk.type != POLARSSL_PK_RSA )
|
||||||
|
{
|
||||||
|
printf( " failed\n ! certificate's key is not RSA\n\n" );
|
||||||
|
ret = POLARSSL_ERR_X509_FEATURE_UNAVAILABLE;
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = mpi_cmp_mpi(&rsa.N, &pk_rsa( clicert.pk )->N);
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
printf( " failed\n ! mpi_cmp_mpi for N returned %d\n\n", ret );
|
printf( " failed\n ! mpi_cmp_mpi for N returned %d\n\n", ret );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = mpi_cmp_mpi(&rsa.E, &clicert.rsa.E);
|
ret = mpi_cmp_mpi(&rsa.E, &pk_rsa( clicert.pk )->E);
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
printf( " failed\n ! mpi_cmp_mpi for E returned %d\n\n", ret );
|
printf( " failed\n ! mpi_cmp_mpi for E returned %d\n\n", ret );
|
||||||
|
|
BIN
tests/data_files/test-ca2.crt
Normal file
BIN
tests/data_files/test-ca2.crt
Normal file
Binary file not shown.
8
tests/data_files/test-ca2.key
Normal file
8
tests/data_files/test-ca2.key
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBAQ==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MF8CAQEEGKHCq9vcqkdzGdKSIUP2M9o/vu1rja5jxqAKBggqhkjOPQMBAaE0AzIA
|
||||||
|
BCE3lp+r1ONwYkoOGjPjecq5UMzgDvjDw+KtrrcnHI8HZZ1l09d33PIWFDY65Lbm
|
||||||
|
Fw==
|
||||||
|
-----END EC PRIVATE KEY-----
|
|
@ -1,7 +1,11 @@
|
||||||
Debug print certificate #1
|
Debug print certificate #1 (RSA)
|
||||||
depends_on:POLARSSL_FS_IO:POLARSSL_PEM_C:POLARSSL_BASE64_C
|
depends_on:POLARSSL_FS_IO:POLARSSL_PEM_C:POLARSSL_BASE64_C
|
||||||
debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2011-02-12 14\:44\:06\nMyFile(0999)\: expires on \: 2021-02-12 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
|
debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2011-02-12 14\:44\:06\nMyFile(0999)\: expires on \: 2021-02-12 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
|
||||||
|
|
||||||
|
Debug print certificate #2 (EC)
|
||||||
|
depends_on:POLARSSL_FS_IO:POLARSSL_PEM_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||||
|
debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 1\nMyFile(0999)\: serial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nMyFile(0999)\: issuer name \: CN=Test\nMyFile(0999)\: subject name \: CN=Test\nMyFile(0999)\: issued on \: 2013-07-10 09\:40\:19\nMyFile(0999)\: expires on \: 2023-07-08 09\:40\:19\nMyFile(0999)\: signed using \: ECDSA with SHA1\nMyFile(0999)\: EC key size \: 192 bits\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (190 bits) is\:\nMyFile(0999)\: 21 37 96 9f ab d4 e3 70 62 4a 0e 1a 33 e3 79 ca\nMyFile(0999)\: b9 50 cc e0 0e f8 c3 c3\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (192 bits) is\:\nMyFile(0999)\: e2 ad ae b7 27 1c 8f 07 65 9d 65 d3 d7 77 dc f2\nMyFile(0999)\: 16 14 36 3a e4 b6 e6 17\nMyFile(0999)\: value of 'crt->eckey.Q(Z)' (1 bits) is\:\nMyFile(0999)\: 01\n"
|
||||||
|
|
||||||
Debug print mpi #1
|
Debug print mpi #1
|
||||||
debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"
|
debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"
|
||||||
|
|
||||||
|
|
|
@ -187,39 +187,39 @@ depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||||
x509parse_public_keyfile_rsa:"data_files/format_gen.pub":0
|
x509parse_public_keyfile_rsa:"data_files/format_gen.pub":0
|
||||||
|
|
||||||
X509 Parse Public EC Key #1 (RFC 5480, DER)
|
X509 Parse Public EC Key #1 (RFC 5480, DER)
|
||||||
depends_on:POLARSSL_ECP_C:POLARSSL_FS_IO
|
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_FS_IO
|
||||||
x509parse_public_keyfile_ec:"data_files/ec_pub.der":0
|
x509parse_public_keyfile_ec:"data_files/ec_pub.der":0
|
||||||
|
|
||||||
X509 Parse Public EC Key #2 (RFC 5480, PEM)
|
X509 Parse Public EC Key #2 (RFC 5480, PEM)
|
||||||
depends_on:POLARSSL_PEM_C:POLARSSL_ECP_C:POLARSSL_FS_IO
|
depends_on:POLARSSL_PEM_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_FS_IO
|
||||||
x509parse_public_keyfile_ec:"data_files/ec_pub.pem":0
|
x509parse_public_keyfile_ec:"data_files/ec_pub.pem":0
|
||||||
|
|
||||||
X509 Parse EC Key #1 (SEC1 DER)
|
X509 Parse EC Key #1 (SEC1 DER)
|
||||||
depends_on:POLARSSL_FS_IO:POLARSSL_ECP_C
|
depends_on:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||||
x509parse_keyfile_ec:"data_files/ec_prv.sec1.der":NULL:0
|
x509parse_keyfile_ec:"data_files/ec_prv.sec1.der":NULL:0
|
||||||
|
|
||||||
X509 Parse EC Key #2 (SEC1 PEM)
|
X509 Parse EC Key #2 (SEC1 PEM)
|
||||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C
|
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||||
x509parse_keyfile_ec:"data_files/ec_prv.sec1.pem":NULL:0
|
x509parse_keyfile_ec:"data_files/ec_prv.sec1.pem":NULL:0
|
||||||
|
|
||||||
X509 Parse EC Key #3 (SEC1 PEM encrypted)
|
X509 Parse EC Key #3 (SEC1 PEM encrypted)
|
||||||
depends_on:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C
|
depends_on:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||||
x509parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0
|
x509parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0
|
||||||
|
|
||||||
X509 Parse EC Key #4 (PKCS8 DER)
|
X509 Parse EC Key #4 (PKCS8 DER)
|
||||||
depends_on:POLARSSL_FS_IO:POLARSSL_ECP_C
|
depends_on:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||||
x509parse_keyfile_ec:"data_files/ec_prv.pk8.der":NULL:0
|
x509parse_keyfile_ec:"data_files/ec_prv.pk8.der":NULL:0
|
||||||
|
|
||||||
X509 Parse EC Key #5 (PKCS8 PEM)
|
X509 Parse EC Key #5 (PKCS8 PEM)
|
||||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C
|
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||||
x509parse_keyfile_ec:"data_files/ec_prv.pk8.pem":NULL:0
|
x509parse_keyfile_ec:"data_files/ec_prv.pk8.pem":NULL:0
|
||||||
|
|
||||||
X509 Parse EC Key #6 (PKCS8 encrypted DER)
|
X509 Parse EC Key #6 (PKCS8 encrypted DER)
|
||||||
depends_on:POLARSSL_DES_C:POLARSSL_FS_IO:POLARSSL_ECP_C
|
depends_on:POLARSSL_DES_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||||
x509parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0
|
x509parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0
|
||||||
|
|
||||||
X509 Parse EC Key #7 (PKCS8 encrypted PEM)
|
X509 Parse EC Key #7 (PKCS8 encrypted PEM)
|
||||||
depends_on:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C
|
depends_on:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||||
x509parse_keyfile_ec:"data_files/ec_prv.pk8.pw.pem":"polar":0
|
x509parse_keyfile_ec:"data_files/ec_prv.pk8.pw.pem":"polar":0
|
||||||
|
|
||||||
X509 Get Distinguished Name #1
|
X509 Get Distinguished Name #1
|
||||||
|
@ -511,7 +511,7 @@ X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo)
|
||||||
x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, pubkey, no alg)
|
X509 Certificate ASN1 (TBSCertificate, pubkey, no alg)
|
||||||
x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg)
|
X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg)
|
||||||
x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":POLARSSL_ERR_X509_UNKNOWN_PK_ALG
|
x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":POLARSSL_ERR_X509_UNKNOWN_PK_ALG
|
||||||
|
@ -523,7 +523,7 @@ X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring data)
|
||||||
x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start)
|
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start)
|
||||||
x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY
|
x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_INVALID_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length)
|
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length)
|
||||||
x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||||
|
@ -595,7 +595,7 @@ X509 Certificate ASN1 (sig_alg, no sig)
|
||||||
x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (signature, invalid sig data)
|
X509 Certificate ASN1 (signature, invalid sig data)
|
||||||
x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE
|
x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_INVALID_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (signature, data left)
|
X509 Certificate ASN1 (signature, data left)
|
||||||
x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||||
|
@ -633,6 +633,17 @@ x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010205003
|
||||||
X509 Certificate ASN1 (Name with unknown PKCS9 part)
|
X509 Certificate ASN1 (Name with unknown PKCS9 part)
|
||||||
x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
||||||
|
|
||||||
|
X509 Certificate ASN1 (ECDSA signature, RSA key)
|
||||||
|
x509parse_crt:"3081E630819E020103300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343631385A170D3233303730383039343631385A300F310D300B0603550403130454657374304C300D06092A864886F70D0101010500033B003038023100E8F546061D3B49BC2F6B7524B7EA4D73A8D5293EE8C64D9407B70B5D16BAEBC32B8205591EAB4E1EB57E9241883701250203010001300906072A8648CE3D0401033800303502186E18209AFBED14A0D9A796EFCAD68891E3CCD5F75815C833021900E92B4FD460B1994693243B9FFAD54729DE865381BDA41D25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0
|
||||||
|
|
||||||
|
X509 Certificate ASN1 (ECDSA signature, EC key)
|
||||||
|
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||||
|
x509parse_crt:"3081EB3081A3020900F41534662EC7E912300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343031395A170D3233303730383039343031395A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D030101033200042137969FABD4E370624A0E1A33E379CAB950CCE00EF8C3C3E2ADAEB7271C8F07659D65D3D777DCF21614363AE4B6E617300906072A8648CE3D04010338003035021858CC0F957946FE6A303D92885A456AA74C743C7B708CBD37021900FE293CAC21AF352D16B82EB8EA54E9410B3ABAADD9F05DD6":"cert. version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0
|
||||||
|
|
||||||
|
X509 Certificate ASN1 (RSA signature, EC key)
|
||||||
|
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||||
|
x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0
|
||||||
|
|
||||||
X509 CRL ASN1 (Incorrect first tag)
|
X509 CRL ASN1 (Incorrect first tag)
|
||||||
x509parse_crl:"":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT
|
x509parse_crl:"":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue