Merge branch 'parse-ec-crt' into development

Paul Bakker 2013-07-17 16:00:33 +02:00
commit de9f9efc2e
19 changed files with 743 additions and 878 deletions


@ -212,6 +212,19 @@ int asn1_get_int( unsigned char **p,
int asn1_get_bitstring( unsigned char **p, const unsigned char *end, int asn1_get_bitstring( unsigned char **p, const unsigned char *end,
asn1_bitstring *bs); asn1_bitstring *bs);
/**
* Retrieve a bitstring ASN.1 tag without unused bits and its value.
* Updates the pointer to the beginning of the bit/octet string.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param len Length of the actual bit/octect string in bytes
*
* \return 0 if successful or a specific ASN.1 error code.
*/
int asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
size_t *len );
/** /**
* Parses and splits an ASN.1 "SEQUENCE OF <tag>" * Parses and splits an ASN.1 "SEQUENCE OF <tag>"
* Updated the pointer to immediately behind the full sequence tag. * Updated the pointer to immediately behind the full sequence tag.
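Review bot: The new doc block for asn1_get_bitstring_null does not say that a bit string with a non-zero unused-bits octet is rejected, and `len` is not described as an output. I would word it as `\param len  On success, length in bytes of the string that follows the unused-bits octet` (which also fixes the "octect" typo) and `\return 0 if successful, POLARSSL_ERR_ASN1_INVALID_DATA if the unused-bits octet is non-zero or no data follows it, or another ASN.1 error code`. The error code is the one returned by the implementation added later in this commit.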


@ -95,18 +95,12 @@ ecp_group;
* \brief ECP key pair structure * \brief ECP key pair structure
* *
* A generic key pair that could be used for ECDSA, fixed ECDH, etc. * A generic key pair that could be used for ECDSA, fixed ECDH, etc.
* Usage can be restricted to a particular algorithm by the 'alg' field,
* see POLARSSL_ECP_KEY_ALG_* constants (default: unrestricted).
*
* \sa ecdh_context
* \sa ecdsa_context
*/ */
typedef struct typedef struct
{ {
ecp_group grp; /*!< Elliptic curve and base point */ ecp_group grp; /*!< Elliptic curve and base point */
mpi d; /*!< our secret value */ mpi d; /*!< our secret value */
ecp_point Q; /*!< our public value */ ecp_point Q; /*!< our public value */
int alg; /*!< algorithm to use this key with */
} }
ecp_keypair; ecp_keypair;
@ -121,8 +115,10 @@ ecp_keypair;
* parameters. Therefore, only well-known domain parameters from trusted * parameters. Therefore, only well-known domain parameters from trusted
* sources should be used. See ecp_use_known_dp(). * sources should be used. See ecp_use_known_dp().
* *
* \note The values are taken from RFC 4492's enum NamedCurve. * \note The values are taken from RFC 4492's enum NamedCurve,
* except NONE which is used to denote uninitialized groups.
*/ */
#define POLARSSL_ECP_DP_NONE 0
#define POLARSSL_ECP_DP_SECP192R1 19 #define POLARSSL_ECP_DP_SECP192R1 19
#define POLARSSL_ECP_DP_SECP224R1 21 #define POLARSSL_ECP_DP_SECP224R1 21
#define POLARSSL_ECP_DP_SECP256R1 23 #define POLARSSL_ECP_DP_SECP256R1 23
@ -158,12 +154,6 @@ ecp_keypair;
*/ */
#define POLARSSL_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */ #define POLARSSL_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */
/*
* Algorithm identifiers from RFC 5480 for use with EC keys
*/
#define POLARSSL_ECP_KEY_ALG_UNRESTRICTED 0 /**< RFC 5480 2.1.1 */
#define POLARSSL_ECP_KEY_ALG_ECDH 1 /**< RFC 5480 2.1.2 */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif


@ -276,6 +276,36 @@
* iso(1) identified-organization(3) certicom(132) curve(0) 35 } */ * iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
#define OID_EC_GRP_SECP521R1 OID_CERTICOM "\x00\x23" #define OID_EC_GRP_SECP521R1 OID_CERTICOM "\x00\x23"
/*
* ECDSA signature identifers, from RFC 5480
*/
#define OID_ANSI_X9_62_SIG OID_ANSI_X9_62 "\x04" /* signatures(4) */
#define OID_ANSI_X9_62_SIG_SHA2 OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
#define OID_ECDSA_SHA1 OID_ANSI_X9_62_SIG "\x01"
/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 1 } */
#define OID_ECDSA_SHA224 OID_ANSI_X9_62_SIG_SHA2 "\x01"
/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 2 } */
#define OID_ECDSA_SHA256 OID_ANSI_X9_62_SIG_SHA2 "\x02"
/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 3 } */
#define OID_ECDSA_SHA384 OID_ANSI_X9_62_SIG_SHA2 "\x03"
/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 4 } */
#define OID_ECDSA_SHA512 OID_ANSI_X9_62_SIG_SHA2 "\x04"
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif


@ -27,7 +27,35 @@
#ifndef POLARSSL_PK_H #ifndef POLARSSL_PK_H
#define POLARSSL_PK_H #define POLARSSL_PK_H
#include "config.h"
#if defined(POLARSSL_RSA_C)
#include "rsa.h"
#endif
#define POLARSSL_ERR_PK_MALLOC_FAILED -0x2F80 /**< Memory alloation failed. */ #define POLARSSL_ERR_PK_MALLOC_FAILED -0x2F80 /**< Memory alloation failed. */
#define POLARSSL_ERR_PK_TYPE_MISMATCH -0x2F00 /**< Type mismatch, eg attempt to use a RSA key as EC, or to modify key type */
#if defined(POLARSSL_RSA_C)
/**
* Quick access to an RSA context inside a PK context.
*
* \warning You must make sure the PK context actually holds an RSA context
* before using this macro!
*/
#define pk_rsa( pk ) ( (rsa_context *) (pk).data )
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECP_C)
/**
* Quick access to an EC context inside a PK context.
*
* \warning You must make sure the PK context actually holds an EC context
* before using this macro!
*/
#define pk_ec( pk ) ( (ecp_keypair *) (pk).data )
#endif /* POLARSSL_ECP_C */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
@ -38,13 +66,10 @@ extern "C" {
*/ */
typedef enum { typedef enum {
POLARSSL_PK_NONE=0, POLARSSL_PK_NONE=0,
#if defined(POLARSSL_RSA_C)
POLARSSL_PK_RSA, POLARSSL_PK_RSA,
#endif
#if defined(POLARSSL_ECP_C)
POLARSSL_PK_ECKEY, POLARSSL_PK_ECKEY,
POLARSSL_PK_ECKEY_DH, POLARSSL_PK_ECKEY_DH,
#endif POLARSSL_PK_ECDSA,
} pk_type_t; } pk_type_t;
/** /**
@ -54,6 +79,7 @@ typedef struct
{ {
pk_type_t type; /**< Public key type */ pk_type_t type; /**< Public key type */
void * data; /**< Public key data */ void * data; /**< Public key data */
int dont_free; /**< True if data must not be freed */
} pk_context; } pk_context;
/** /**
@ -72,10 +98,30 @@ void pk_free( pk_context *ctx );
* \param ctx Context to initialize * \param ctx Context to initialize
* \param type Type of key * \param type Type of key
* *
* \return O on success, or POLARSSL_ERR_PK_MALLOC_FAILED * \note Once the type of a key has been set, it cannot be reset.
* If you want to do so, you need to use pk_free() first.
*
* \return O on success,
* POLARSSL_ERR_PK_MALLOC_FAILED on memory allocation fail,
* POLARSSL_ERR_PK_TYPE_MISMATCH on attempts to reset type.
*/ */
int pk_set_type( pk_context *ctx, pk_type_t type ); int pk_set_type( pk_context *ctx, pk_type_t type );
#if defined(POLARSSL_RSA_C)
/**
* \brief Wrap a RSA context in a PK context
*
* \param ctx PK context to initiliaze
* \param rsa RSA context to use
*
* \note The PK context must be freshly initialized.
*
* \return O on success,
* POLARSSL_ERR_PK_TYPE_MISMATCH if ctx was not empty.
*/
int pk_wrap_rsa( pk_context *ctx, const rsa_context *rsa);
#endif /* POLARSSL_RSA_C */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
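Review bot: The `pk_ec()` macro casts to `ecp_keypair *`, but the includes added here only pull in `rsa.h`; nothing between the include guard and the `extern "C"` block brings in the ECP header, so any file that expands `pk_ec()` must have included it first. Mirroring the RSA block with `#if defined(POLARSSL_ECP_C)` / `#include "ecp.h"` / `#endif` would make the header self-contained. The pk_wrap_rsa documentation should also say that the PK context only borrows `rsa` (that is what `dont_free` records), so the RSA context has to outlive the PK context. "initiliaze" and "O on success" are typos for "initialize" and "0 on success".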


@ -211,8 +211,7 @@ typedef struct _x509_cert
x509_time valid_from; /**< Start time of certificate validity. */ x509_time valid_from; /**< Start time of certificate validity. */
x509_time valid_to; /**< End time of certificate validity. */ x509_time valid_to; /**< End time of certificate validity. */
x509_buf pk_oid; /**< Subject public key info. Includes the public key algorithm and the key itself. */ pk_context pk; /**< Container for the public key context. */
rsa_context rsa; /**< Container for the RSA context. Only RSA is supported for public keys at this time. */
x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
@ -417,6 +416,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen );
*/ */
int x509parse_crlfile( x509_crl *chain, const char *path ); int x509parse_crlfile( x509_crl *chain, const char *path );
#if defined(POLARSSL_RSA_C)
/** \ingroup x509_module */ /** \ingroup x509_module */
/** /**
* \brief Parse a private RSA key * \brief Parse a private RSA key
@ -469,6 +469,7 @@ int x509parse_public_key_rsa( rsa_context *rsa,
* \return 0 if successful, or a specific X509 or PEM error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_public_keyfile_rsa( rsa_context *rsa, const char *path ); int x509parse_public_keyfile_rsa( rsa_context *rsa, const char *path );
#endif /* POLARSSL_RSA_C */
/** \ingroup x509_module */ /** \ingroup x509_module */
/** /**


@ -209,6 +209,24 @@ int asn1_get_bitstring( unsigned char **p, const unsigned char *end,
return 0; return 0;
} }
/*
* Get a bit string without unused bits
*/
int asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
size_t *len )
{
int ret;
if( ( ret = asn1_get_tag( p, end, len, ASN1_BIT_STRING ) ) != 0 )
return( ret );
if( --*len < 1 || *(*p)++ != 0 )
return( POLARSSL_ERR_ASN1_INVALID_DATA );
return( 0 );
}
/* /*
* Parses and splits an ASN.1 "SEQUENCE OF <tag>" * Parses and splits an ASN.1 "SEQUENCE OF <tag>"
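Review bot: In asn1_get_bitstring_null, `--*len < 1` wraps when the tag carries a zero length: `*len` is a `size_t`, so 0 becomes SIZE_MAX, the test passes, and `*(*p)++` then reads a byte that the length check never covered, while the caller is handed a huge `*len`. Testing before decrementing keeps both rejections and avoids the wrap: `if( *len < 2 || *(*p)++ != 0 )` for the error return, then `--*len;` on the success path. Whether asn1_get_tag can succeed with `*len == 0` and `*p == end` is not visible in this hunk, but an empty BIT STRING is encodable in untrusted input, so this function should not rely on it.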


@ -250,11 +250,25 @@ void debug_print_crt( const ssl_context *ssl, int level,
str[maxlen] = '\0'; str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str ); ssl->f_dbg( ssl->p_dbg, level, str );
#if defined(POLARSSL_RSA_C)
if( crt->pk.type == POLARSSL_PK_RSA )
{
debug_print_mpi( ssl, level, file, line, debug_print_mpi( ssl, level, file, line,
"crt->rsa.N", &crt->rsa.N ); "crt->rsa.N", &pk_rsa( crt->pk )->N );
debug_print_mpi( ssl, level, file, line, debug_print_mpi( ssl, level, file, line,
"crt->rsa.E", &crt->rsa.E ); "crt->rsa.E", &pk_rsa( crt->pk )->E );
} else
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECP_C)
if( crt->pk.type == POLARSSL_PK_ECKEY ||
crt->pk.type == POLARSSL_PK_ECKEY_DH )
{
debug_print_ecp( ssl, level, file, line,
"crt->eckey.Q", &pk_ec( crt->pk )->Q );
} else
#endif /* POLARSSL_ECP_C */
debug_print_msg( ssl, level, file, line,
"crt->pk.type is not valid" );
crt = crt->next; crt = crt->next;
} }
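Review bot: The fallback `debug_print_msg( ..., "crt->pk.type is not valid" )` is the unbraced body of whichever `} else` survives preprocessing, so the statement it belongs to changes with the build configuration. pk_free in this same commit closes the same kind of chain with a braced block; doing that here, `{ debug_print_msg( ssl, level, file, line, "crt->pk.type is not valid" ); }`, keeps a later edit from attaching a different statement to the `else`. The labels still read `crt->rsa.N` and `crt->rsa.E` although that field is gone; the test data in this commit expects those exact strings, so renaming them means updating both. The loop this code sits in starts outside the hunk.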


@ -101,7 +101,6 @@ void ecp_keypair_init( ecp_keypair *key )
ecp_group_init( &key->grp ); ecp_group_init( &key->grp );
mpi_init( &key->d ); mpi_init( &key->d );
ecp_point_init( &key->Q ); ecp_point_init( &key->Q );
key->alg = POLARSSL_ECP_KEY_ALG_UNRESTRICTED;
} }
/* /*
@ -142,7 +141,6 @@ void ecp_keypair_free( ecp_keypair *key )
ecp_group_free( &key->grp ); ecp_group_free( &key->grp );
mpi_free( &key->d ); mpi_free( &key->d );
ecp_point_free( &key->Q ); ecp_point_free( &key->Q );
key->alg = POLARSSL_ECP_KEY_ALG_UNRESTRICTED;
} }
/* /*


@ -250,6 +250,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
#if defined(POLARSSL_PK_C) #if defined(POLARSSL_PK_C)
if( use_ret == -(POLARSSL_ERR_PK_MALLOC_FAILED) ) if( use_ret == -(POLARSSL_ERR_PK_MALLOC_FAILED) )
snprintf( buf, buflen, "PK - Memory alloation failed" ); snprintf( buf, buflen, "PK - Memory alloation failed" );
if( use_ret == -(POLARSSL_ERR_PK_TYPE_MISMATCH) )
snprintf( buf, buflen, "PK - Type mismatch, eg attempt to use a RSA key as EC, or to modify key type" );
#endif /* POLARSSL_PK_C */ #endif /* POLARSSL_PK_C */
#if defined(POLARSSL_PKCS12_C) #if defined(POLARSSL_PKCS12_C)


@ -298,6 +298,26 @@ static const oid_sig_alg_t oid_sig_alg[] =
{ OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1" }, { OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1" },
POLARSSL_MD_SHA1, POLARSSL_PK_RSA, POLARSSL_MD_SHA1, POLARSSL_PK_RSA,
}, },
{
{ OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1" },
POLARSSL_MD_SHA1, POLARSSL_PK_ECDSA,
},
{
{ OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224" },
POLARSSL_MD_SHA224, POLARSSL_PK_ECDSA,
},
{
{ OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256" },
POLARSSL_MD_SHA256, POLARSSL_PK_ECDSA,
},
{
{ OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384" },
POLARSSL_MD_SHA384, POLARSSL_PK_ECDSA,
},
{
{ OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512" },
POLARSSL_MD_SHA512, POLARSSL_PK_ECDSA,
},
{ {
{ NULL, NULL, NULL }, { NULL, NULL, NULL },
0, 0, 0, 0,
@ -571,8 +591,7 @@ int oid_get_numeric_string( char *buf, size_t size,
for( i = 1; i < oid->len; i++ ) for( i = 1; i < oid->len; i++ )
{ {
/* Prevent overflow in value. */ /* Prevent overflow in value. */
unsigned int v = value << 7; if ( ( ( value << 7 ) >> 7 ) != value )
if ( v < value )
return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL ); return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
value <<= 7; value <<= 7;


@ -33,6 +33,9 @@
#if defined(POLARSSL_ECP_C) #if defined(POLARSSL_ECP_C)
#include "polarssl/ecp.h" #include "polarssl/ecp.h"
#endif #endif
#if defined(POLARSSL_ECDSA_C)
#include "polarssl/ecdsa.h"
#endif
#include <stdlib.h> #include <stdlib.h>
@ -46,6 +49,7 @@ void pk_init( pk_context *ctx )
ctx->type = POLARSSL_PK_NONE; ctx->type = POLARSSL_PK_NONE;
ctx->data = NULL; ctx->data = NULL;
ctx->dont_free = 0;
} }
/* /*
@ -56,25 +60,26 @@ void pk_free( pk_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
switch( ctx->type )
{
case POLARSSL_PK_NONE:
break;
#if defined(POLARSSL_RSA_C) #if defined(POLARSSL_RSA_C)
case POLARSSL_PK_RSA: if( ctx->type == POLARSSL_PK_RSA )
rsa_free( ctx->data ); rsa_free( ctx->data );
break; else
#endif #endif
#if defined(POLARSSL_ECP_C) #if defined(POLARSSL_ECP_C)
case POLARSSL_PK_ECKEY: if( ctx->type == POLARSSL_PK_ECKEY || ctx->type == POLARSSL_PK_ECKEY_DH )
case POLARSSL_PK_ECKEY_DH:
ecp_keypair_free( ctx->data ); ecp_keypair_free( ctx->data );
break; else
#endif #endif
#if defined(POLARSSL_ECDSA_C)
if( ctx->type == POLARSSL_PK_ECDSA )
ecdsa_free( ctx->data );
else
#endif
{
; /* guard for the else's above */
} }
if( ! ctx->dont_free )
free( ctx->data ); free( ctx->data );
ctx->type = POLARSSL_PK_NONE; ctx->type = POLARSSL_PK_NONE;
@ -86,26 +91,30 @@ void pk_free( pk_context *ctx )
*/ */
int pk_set_type( pk_context *ctx, pk_type_t type ) int pk_set_type( pk_context *ctx, pk_type_t type )
{ {
size_t size = 0; size_t size;
if( ctx->type == type )
return( 0 );
if( ctx->type != POLARSSL_PK_NONE )
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
switch( type )
{
#if defined(POLARSSL_RSA_C) #if defined(POLARSSL_RSA_C)
case POLARSSL_PK_RSA: if( type == POLARSSL_PK_RSA )
size = sizeof( rsa_context ); size = sizeof( rsa_context );
break; else
#endif #endif
#if defined(POLARSSL_ECP_C) #if defined(POLARSSL_ECP_C)
case POLARSSL_PK_ECKEY: if( type == POLARSSL_PK_ECKEY || type == POLARSSL_PK_ECKEY_DH )
case POLARSSL_PK_ECKEY_DH:
size = sizeof( ecp_keypair ); size = sizeof( ecp_keypair );
break; else
#endif #endif
#if defined(POLARSSL_ECDSA_C)
case POLARSSL_PK_NONE: if( type == POLARSSL_PK_ECDSA )
; /* Should not happen */ size = sizeof( ecdsa_context );
} else
#endif
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
if( ( ctx->data = malloc( size ) ) == NULL ) if( ( ctx->data = malloc( size ) ) == NULL )
return( POLARSSL_ERR_PK_MALLOC_FAILED ); return( POLARSSL_ERR_PK_MALLOC_FAILED );
@ -115,3 +124,20 @@ int pk_set_type( pk_context *ctx, pk_type_t type )
return( 0 ); return( 0 );
} }
#if defined(POLARSSL_RSA_C)
/*
* Wrap an RSA context in a PK context
*/
int pk_wrap_rsa( pk_context *ctx, const rsa_context *rsa)
{
if( ctx->type != POLARSSL_PK_NONE )
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
ctx->type = POLARSSL_PK_RSA;
ctx->data = (rsa_context *) rsa;
ctx->dont_free = 1;
return( 0 );
}
#endif
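Review bot: pk_free calls `rsa_free( ctx->data )` before it looks at `dont_free`, so for a context built by pk_wrap_rsa the caller's key is passed to rsa_free (which presumably releases its contents) through a pointer that was accepted as `const rsa_context *`; only the final `free()` is skipped. If wrapping is meant to borrow the key, the type-specific release belongs under the same test, i.e. put the whole if/else chain and the `free()` inside one `if( ! ctx->dont_free )` block. The lines after `ctx->type = POLARSSL_PK_NONE;` are outside the hunk, so it cannot be checked here whether `data` and `dont_free` are reset; if they are not, a reused context keeps the borrowed pointer. In pk_set_type the closing `return( POLARSSL_ERR_PK_TYPE_MISMATCH );` is again the unbraced tail of an `#if`-dependent `else` chain and would read more safely in braces.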


@ -1072,8 +1072,12 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
} }
/* EC NOT IMPLEMENTED YET */
if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
if( (unsigned int)( end - p ) != if( (unsigned int)( end - p ) !=
ssl->session_negotiate->peer_cert->rsa.len ) pk_rsa( ssl->session_negotiate->peer_cert->pk )->len )
{ {
SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
@ -1139,9 +1143,9 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen ); SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
if( ( ret = rsa_pkcs1_verify( &ssl->session_negotiate->peer_cert->rsa, if( ( ret = rsa_pkcs1_verify(
RSA_PUBLIC, pk_rsa( ssl->session_negotiate->peer_cert->pk ),
md_alg, hashlen, hash, p ) ) != 0 ) RSA_PUBLIC, md_alg, hashlen, hash, p ) ) != 0 )
{ {
SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret ); SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
return( ret ); return( ret );
@ -1516,8 +1520,12 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
/* EC NOT IMPLEMENTED YET */
if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
i = 4; i = 4;
n = ssl->session_negotiate->peer_cert->rsa.len; n = pk_rsa( ssl->session_negotiate->peer_cert->pk )->len;
if( ssl->minor_ver != SSL_MINOR_VERSION_0 ) if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
{ {
@ -1526,11 +1534,10 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
ssl->out_msg[5] = (unsigned char)( n ); ssl->out_msg[5] = (unsigned char)( n );
} }
ret = rsa_pkcs1_encrypt( &ssl->session_negotiate->peer_cert->rsa, ret = rsa_pkcs1_encrypt(
ssl->f_rng, ssl->p_rng, pk_rsa( ssl->session_negotiate->peer_cert->pk ),
RSA_PUBLIC, ssl->f_rng, ssl->p_rng, RSA_PUBLIC,
ssl->handshake->pmslen, ssl->handshake->pmslen, ssl->handshake->premaster,
ssl->handshake->premaster,
ssl->out_msg + i ); ssl->out_msg + i );
if( ret != 0 ) if( ret != 0 )
{ {
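Review bot: The new `pk.type != POLARSSL_PK_RSA` guards return POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE without logging, while the neighbouring failure paths go through SSL_DEBUG_MSG; this applies to ssl_parse_server_key_exchange and ssl_write_client_key_exchange here and to ssl_parse_certificate_verify in the next file. Adding `SSL_DEBUG_MSG( 1, ( "peer certificate key is not RSA" ) );` before each return would make a handshake aborted by an EC certificate diagnosable. The guard is also the only thing that makes the following `pk_rsa()` cast valid, because the macro does no type check, so it should stay directly ahead of the first `pk_rsa()` use in each function. All three functions begin and end outside their hunks.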


@ -1968,7 +1968,11 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
md_alg = POLARSSL_MD_NONE; md_alg = POLARSSL_MD_NONE;
} }
n1 = ssl->session_negotiate->peer_cert->rsa.len; /* EC NOT IMPLEMENTED YET */
if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
n1 = pk_rsa( ssl->session_negotiate->peer_cert->pk )->len;
n2 = ( ssl->in_msg[4 + n] << 8 ) | ssl->in_msg[5 + n]; n2 = ( ssl->in_msg[4 + n] << 8 ) | ssl->in_msg[5 + n];
if( n + n1 + 6 != ssl->in_hslen || n1 != n2 ) if( n + n1 + 6 != ssl->in_hslen || n1 != n2 )
@ -1977,8 +1981,9 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
} }
ret = rsa_pkcs1_verify( &ssl->session_negotiate->peer_cert->rsa, RSA_PUBLIC, ret = rsa_pkcs1_verify( pk_rsa( ssl->session_negotiate->peer_cert->pk ),
md_alg, hashlen, hash, ssl->in_msg + 6 + n ); RSA_PUBLIC, md_alg, hashlen, hash,
ssl->in_msg + 6 + n );
if( ret != 0 ) if( ret != 0 )
{ {
SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret ); SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );

File diff suppressed because it is too large Load diff


@ -206,19 +206,28 @@ int main( int argc, char *argv[] )
printf( " ok\n" ); printf( " ok\n" );
/* /*
* 1.5. Verify certificate validity with private key * 1.6. Verify certificate validity with private key
*/ */
printf( " . Verify the client certificate with private key..." ); printf( " . Verify the client certificate with private key..." );
fflush( stdout ); fflush( stdout );
ret = mpi_cmp_mpi(&rsa.N, &clicert.rsa.N);
/* EC NOT IMPLEMENTED YET */
if( clicert.pk.type != POLARSSL_PK_RSA )
{
printf( " failed\n ! certificate's key is not RSA\n\n" );
ret = POLARSSL_ERR_X509_FEATURE_UNAVAILABLE;
goto exit;
}
ret = mpi_cmp_mpi(&rsa.N, &pk_rsa( clicert.pk )->N);
if( ret != 0 ) if( ret != 0 )
{ {
printf( " failed\n ! mpi_cmp_mpi for N returned %d\n\n", ret ); printf( " failed\n ! mpi_cmp_mpi for N returned %d\n\n", ret );
goto exit; goto exit;
} }
ret = mpi_cmp_mpi(&rsa.E, &clicert.rsa.E); ret = mpi_cmp_mpi(&rsa.E, &pk_rsa( clicert.pk )->E);
if( ret != 0 ) if( ret != 0 )
{ {
printf( " failed\n ! mpi_cmp_mpi for E returned %d\n\n", ret ); printf( " failed\n ! mpi_cmp_mpi for E returned %d\n\n", ret );

Binary file not shown.


@ -0,0 +1,8 @@
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBAQ==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MF8CAQEEGKHCq9vcqkdzGdKSIUP2M9o/vu1rja5jxqAKBggqhkjOPQMBAaE0AzIA
BCE3lp+r1ONwYkoOGjPjecq5UMzgDvjDw+KtrrcnHI8HZZ1l09d33PIWFDY65Lbm
Fw==
-----END EC PRIVATE KEY-----


@ -1,7 +1,11 @@
Debug print certificate #1 Debug print certificate #1 (RSA)
depends_on:POLARSSL_FS_IO:POLARSSL_PEM_C:POLARSSL_BASE64_C depends_on:POLARSSL_FS_IO:POLARSSL_PEM_C:POLARSSL_BASE64_C
debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2011-02-12 14\:44\:06\nMyFile(0999)\: expires on \: 2021-02-12 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. 
version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2011-02-12 14\:44\:06\nMyFile(0999)\: expires on \: 2021-02-12 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
Debug print certificate #2 (EC)
depends_on:POLARSSL_FS_IO:POLARSSL_PEM_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 1\nMyFile(0999)\: serial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nMyFile(0999)\: issuer name \: CN=Test\nMyFile(0999)\: subject name \: CN=Test\nMyFile(0999)\: issued on \: 2013-07-10 09\:40\:19\nMyFile(0999)\: expires on \: 2023-07-08 09\:40\:19\nMyFile(0999)\: signed using \: ECDSA with SHA1\nMyFile(0999)\: EC key size \: 192 bits\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (190 bits) is\:\nMyFile(0999)\: 21 37 96 9f ab d4 e3 70 62 4a 0e 1a 33 e3 79 ca\nMyFile(0999)\: b9 50 cc e0 0e f8 c3 c3\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (192 bits) is\:\nMyFile(0999)\: e2 ad ae b7 27 1c 8f 07 65 9d 65 d3 d7 77 dc f2\nMyFile(0999)\: 16 14 36 3a e4 b6 e6 17\nMyFile(0999)\: value of 'crt->eckey.Q(Z)' (1 bits) is\:\nMyFile(0999)\: 01\n"
Debug print mpi #1 Debug print mpi #1
debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n" debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"


@ -187,39 +187,39 @@ depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO
x509parse_public_keyfile_rsa:"data_files/format_gen.pub":0 x509parse_public_keyfile_rsa:"data_files/format_gen.pub":0
X509 Parse Public EC Key #1 (RFC 5480, DER) X509 Parse Public EC Key #1 (RFC 5480, DER)
depends_on:POLARSSL_ECP_C:POLARSSL_FS_IO depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_FS_IO
x509parse_public_keyfile_ec:"data_files/ec_pub.der":0 x509parse_public_keyfile_ec:"data_files/ec_pub.der":0
X509 Parse Public EC Key #2 (RFC 5480, PEM) X509 Parse Public EC Key #2 (RFC 5480, PEM)
depends_on:POLARSSL_PEM_C:POLARSSL_ECP_C:POLARSSL_FS_IO depends_on:POLARSSL_PEM_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_FS_IO
x509parse_public_keyfile_ec:"data_files/ec_pub.pem":0 x509parse_public_keyfile_ec:"data_files/ec_pub.pem":0
X509 Parse EC Key #1 (SEC1 DER) X509 Parse EC Key #1 (SEC1 DER)
depends_on:POLARSSL_FS_IO:POLARSSL_ECP_C depends_on:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509parse_keyfile_ec:"data_files/ec_prv.sec1.der":NULL:0 x509parse_keyfile_ec:"data_files/ec_prv.sec1.der":NULL:0
X509 Parse EC Key #2 (SEC1 PEM) X509 Parse EC Key #2 (SEC1 PEM)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509parse_keyfile_ec:"data_files/ec_prv.sec1.pem":NULL:0 x509parse_keyfile_ec:"data_files/ec_prv.sec1.pem":NULL:0
X509 Parse EC Key #3 (SEC1 PEM encrypted) X509 Parse EC Key #3 (SEC1 PEM encrypted)
depends_on:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C depends_on:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0 x509parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0
X509 Parse EC Key #4 (PKCS8 DER) X509 Parse EC Key #4 (PKCS8 DER)
depends_on:POLARSSL_FS_IO:POLARSSL_ECP_C depends_on:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509parse_keyfile_ec:"data_files/ec_prv.pk8.der":NULL:0 x509parse_keyfile_ec:"data_files/ec_prv.pk8.der":NULL:0
X509 Parse EC Key #5 (PKCS8 PEM) X509 Parse EC Key #5 (PKCS8 PEM)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509parse_keyfile_ec:"data_files/ec_prv.pk8.pem":NULL:0 x509parse_keyfile_ec:"data_files/ec_prv.pk8.pem":NULL:0
X509 Parse EC Key #6 (PKCS8 encrypted DER) X509 Parse EC Key #6 (PKCS8 encrypted DER)
depends_on:POLARSSL_DES_C:POLARSSL_FS_IO:POLARSSL_ECP_C depends_on:POLARSSL_DES_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0 x509parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0
X509 Parse EC Key #7 (PKCS8 encrypted PEM) X509 Parse EC Key #7 (PKCS8 encrypted PEM)
depends_on:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C depends_on:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509parse_keyfile_ec:"data_files/ec_prv.pk8.pw.pem":"polar":0 x509parse_keyfile_ec:"data_files/ec_prv.pk8.pw.pem":"polar":0
X509 Get Distinguished Name #1 X509 Get Distinguished Name #1
@ -511,7 +511,7 @@ X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo)
x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, pubkey, no alg) X509 Certificate ASN1 (TBSCertificate, pubkey, no alg)
x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg) X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg)
x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":POLARSSL_ERR_X509_UNKNOWN_PK_ALG x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":POLARSSL_ERR_X509_UNKNOWN_PK_ALG
@ -523,7 +523,7 @@ X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring data)
x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start) X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start)
x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_INVALID_DATA
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length) X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length)
x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
@ -595,7 +595,7 @@ X509 Certificate ASN1 (sig_alg, no sig)
x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (signature, invalid sig data) X509 Certificate ASN1 (signature, invalid sig data)
x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_INVALID_DATA
X509 Certificate ASN1 (signature, data left) X509 Certificate ASN1 (signature, data left)
x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
@ -633,6 +633,17 @@ x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010205003
X509 Certificate ASN1 (Name with unknown PKCS9 part) X509 Certificate ASN1 (Name with unknown PKCS9 part)
x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
X509 Certificate ASN1 (ECDSA signature, RSA key)
x509parse_crt:"3081E630819E020103300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343631385A170D3233303730383039343631385A300F310D300B0603550403130454657374304C300D06092A864886F70D0101010500033B003038023100E8F546061D3B49BC2F6B7524B7EA4D73A8D5293EE8C64D9407B70B5D16BAEBC32B8205591EAB4E1EB57E9241883701250203010001300906072A8648CE3D0401033800303502186E18209AFBED14A0D9A796EFCAD68891E3CCD5F75815C833021900E92B4FD460B1994693243B9FFAD54729DE865381BDA41D25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0
X509 Certificate ASN1 (ECDSA signature, EC key)
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509parse_crt:"3081EB3081A3020900F41534662EC7E912300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343031395A170D3233303730383039343031395A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D030101033200042137969FABD4E370624A0E1A33E379CAB950CCE00EF8C3C3E2ADAEB7271C8F07659D65D3D777DCF21614363AE4B6E617300906072A8648CE3D04010338003035021858CC0F957946FE6A303D92885A456AA74C743C7B708CBD37021900FE293CAC21AF352D16B82EB8EA54E9410B3ABAADD9F05DD6":"cert. version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0
X509 Certificate ASN1 (RSA signature, EC key)
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0
X509 CRL ASN1 (Incorrect first tag) X509 CRL ASN1 (Incorrect first tag)
x509parse_crl:"":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT x509parse_crl:"":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT