/**
* @file test_x509.c
* @author Kealan McCusker
* @brief Test x509 functions
*
* LICENSE
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#include "rsa.h"
#include "ecdh.h"
#include "x509.h"
#include "utils.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
typedef enum { false, true } bool;
//#define DEBUG
#define ECC 1
#define RSA 2
#define H160 1
#define H256 2
#define H384 3
#define H512 4
#define LINE_LEN 10000
#define MAX_STRING 300
#define MAXMODBYTES 72
#define MAXFFLEN 16
static char sig[MAXMODBYTES*MAXFFLEN];
static octet SIG= {0,sizeof(sig),sig};
static char r[MAXMODBYTES];
static octet R= {0,sizeof(r),r};
static char s[MAXMODBYTES];
static octet S= {0,sizeof(s),s};
static char cakey[MAXMODBYTES*MAXFFLEN];
static octet CAKEY= {0,sizeof(cakey),cakey};
static char certkey[MAXMODBYTES*MAXFFLEN];
static octet CERTKEY= {0,sizeof(certkey),certkey};
static char h[5000];
static octet H= {0,sizeof(h),h};
static char hh[5000];
static octet HH= {0,sizeof(hh),hh};
static char hp[RFS];
static octet HP= {0,sizeof(hp),hp};
// countryName
static char cn[3]= {0x55,0x04,0x06};
static octet CN= {3,sizeof(cn),cn};
// stateName
static char sn[3]= {0x55,0x04,0x08};
static octet SN= {3,sizeof(sn),sn};
// localName
static char ln[3]= {0x55,0x04,0x07};
static octet LN= {3,sizeof(ln),ln};
// orgName
static char on[3]= {0x55,0x04,0x0A};
static octet ON= {3,sizeof(on),on};
// unitName
static char un[3]= {0x55,0x04,0x0B};
static octet UN= {3,sizeof(un),un};
// myName
static char mn[3]= {0x55,0x04,0x03};
static octet MN= {3,sizeof(mn),mn};
// emailName
static char en[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01};
static octet EN= {9,sizeof(en),en};
extern void print_out(char *des,octet *c,int index,int len);
extern void print_date(char *des,octet *c,int index);
static int compare_data(octet *cert,octet *data,int index)
{
int i;
for (i=0; i<data->len; i++)
{
if (cert->val[index+i]!=data->val[i])
{
return 0;
}
}
return 1;
}
int test_x509(int argc, char** argv)
{
if (argc != 2)
{
printf("usage: ./test_x509 [path to test vector file]\n");
exit(EXIT_FAILURE);
}
int sha;
pktype st,pt;
pktype ca = {0,0,0};
FILE * fp = NULL;
char line[LINE_LEN];
char * linePtr = NULL;
int l1=0;
const char* CAStr = "CA = ";
const char* CERTStr = "CERT = ";
char issuerc[MAX_STRING];
octet IssuerCOct= {0,MAX_STRING,issuerc};
const char* IssuerCStr = "IssuerC = ";
char issuerst[MAX_STRING];
octet IssuerSTOct= {0,MAX_STRING,issuerst};
const char* IssuerSTStr = "IssuerST = ";
char issuerl[MAX_STRING];
octet IssuerLOct= {0,MAX_STRING,issuerl};
const char* IssuerLStr = "IssuerL = ";
char issuero[MAX_STRING];
octet IssuerOOct= {0,MAX_STRING,issuero};
const char* IssuerOStr = "IssuerO = ";
char issuerou[MAX_STRING];
octet IssuerOUOct= {0,MAX_STRING,issuerou};
const char* IssuerOUStr = "IssuerOU = ";
char issuercn[MAX_STRING];
octet IssuerCNOct= {0,MAX_STRING,issuercn};
const char* IssuerCNStr = "IssuerCN = ";
char issueremailaddress[MAX_STRING];
octet IssuerEmailAddressOct= {0,MAX_STRING,issueremailaddress};
const char* IssuerEmailAddressStr = "IssuerEmailAddress = ";
char subjectc[MAX_STRING];
octet SubjectCOct= {0,MAX_STRING,subjectc};
const char* SubjectCStr = "SubjectC = ";
char subjectst[MAX_STRING];
octet SubjectSTOct= {0,MAX_STRING,subjectst};
const char* SubjectSTStr = "SubjectST = ";
char subjectl[MAX_STRING];
octet SubjectLOct= {0,MAX_STRING,subjectl};
const char* SubjectLStr = "SubjectL = ";
char subjecto[MAX_STRING];
octet SubjectOOct= {0,MAX_STRING,subjecto};
const char* SubjectOStr = "SubjectO = ";
char subjectou[MAX_STRING];
octet SubjectOUOct= {0,MAX_STRING,subjectou};
const char* SubjectOUStr = "SubjectOU = ";
char subjectcn[MAX_STRING];
octet SubjectCNOct= {0,MAX_STRING,subjectcn};
const char* SubjectCNStr = "SubjectCN = ";
char subjectemailaddress[MAX_STRING];
octet SubjectEmailAddressOct= {0,MAX_STRING,subjectemailaddress};
const char* SubjectEmailAddressStr = "SubjectEmailAddress = ";
char vf[MAX_STRING];
octet vfOct= {0,MAX_STRING,vf};
const char* vfStr = "vf = ";
char vt[MAX_STRING];
octet vtOct= {0,MAX_STRING,vt};
const char* vtStr = "vt = ";
char cert_pk[512];
octet CERT_PKOct= {0,sizeof(cert_pk),cert_pk};
const char* CERT_PKStr = "CERT_PK = ";
fp = fopen(argv[1], "r");
if (fp == NULL)
{
printf("ERROR opening test vector file\n");
exit(EXIT_FAILURE);
}
rsa_public_key PK;
bool readLine = false;
int i=0;
while (fgets(line, LINE_LEN, fp) != NULL)
{
i++;
readLine = true;
if (!strncmp(line, IssuerCStr, strlen(IssuerCStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(IssuerCStr);
OCT_clear(&IssuerCOct);
OCT_jstring(&IssuerCOct,linePtr);
IssuerCOct.len -= 1;
#ifdef DEBUG
printf("IssuerCOct Hex: ");
OCT_output(&IssuerCOct);
printf("IssuerCOct ASCII: ");
OCT_output_string(&IssuerCOct);
printf("\n");
#endif
}
if (!strncmp(line, IssuerSTStr, strlen(IssuerSTStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(IssuerSTStr);
OCT_clear(&IssuerSTOct);
OCT_jstring(&IssuerSTOct,linePtr);
IssuerSTOct.len -= 1;
#ifdef DEBUG
printf("IssuerSTOct Hex: ");
OCT_output(&IssuerSTOct);
printf("IssuerSTOct ASCII: ");
OCT_output_string(&IssuerSTOct);
printf("\n");
#endif
}
if (!strncmp(line, IssuerLStr, strlen(IssuerLStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(IssuerLStr);
OCT_clear(&IssuerLOct);
OCT_jstring(&IssuerLOct,linePtr);
IssuerLOct.len -= 1;
#ifdef DEBUG
printf("IssuerLOct Hex: ");
OCT_output(&IssuerLOct);
printf("IssuerLOct ASCII: ");
OCT_output_string(&IssuerLOct);
printf("\n");
#endif
}
if (!strncmp(line, IssuerOStr, strlen(IssuerOStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(IssuerOStr);
OCT_clear(&IssuerOOct);
OCT_jstring(&IssuerOOct,linePtr);
IssuerOOct.len -= 1;
#ifdef DEBUG
printf("IssuerOOct Hex: ");
OCT_output(&IssuerOOct);
printf("IssuerOOct ASCII: ");
OCT_output_string(&IssuerOOct);
printf("\n");
#endif
}
if (!strncmp(line, IssuerOUStr, strlen(IssuerOUStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(IssuerOUStr);
OCT_clear(&IssuerOUOct);
OCT_jstring(&IssuerOUOct,linePtr);
IssuerOUOct.len -= 1;
#ifdef DEBUG
printf("IssuerOUOct Hex: ");
OCT_output(&IssuerOUOct);
printf("IssuerOUOct ASCII: ");
OCT_output_string(&IssuerOUOct);
printf("\n");
#endif
}
if (!strncmp(line, IssuerCNStr, strlen(IssuerCNStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(IssuerCNStr);
OCT_clear(&IssuerCNOct);
OCT_jstring(&IssuerCNOct,linePtr);
IssuerCNOct.len -= 1;
#ifdef DEBUG
printf("IssuerCNOct Hex: ");
OCT_output(&IssuerCNOct);
printf("IssuerCNOct ASCII: ");
OCT_output_string(&IssuerCNOct);
printf("\n");
#endif
}
if (!strncmp(line, IssuerEmailAddressStr, strlen(IssuerEmailAddressStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(IssuerEmailAddressStr);
OCT_clear(&IssuerEmailAddressOct);
OCT_jstring(&IssuerEmailAddressOct,linePtr);
IssuerEmailAddressOct.len -= 1;
#ifdef DEBUG
printf("IssuerEmailAddressOct Hex: ");
OCT_output(&IssuerEmailAddressOct);
printf("IssuerEmailAddressOct ASCII: ");
OCT_output_string(&IssuerEmailAddressOct);
printf("\n");
#endif
}
if (!strncmp(line, SubjectCStr, strlen(SubjectCStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(SubjectCStr);
OCT_clear(&SubjectCOct);
OCT_jstring(&SubjectCOct,linePtr);
SubjectCOct.len -= 1;
#ifdef DEBUG
printf("SubjectCOct Hex: ");
OCT_output(&SubjectCOct);
printf("SubjectCOct ASCII: ");
OCT_output_string(&SubjectCOct);
printf("\n");
#endif
}
if (!strncmp(line, SubjectSTStr, strlen(SubjectSTStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(SubjectSTStr);
OCT_clear(&SubjectSTOct);
OCT_jstring(&SubjectSTOct,linePtr);
SubjectSTOct.len -= 1;
#ifdef DEBUG
printf("SubjectSTOct Hex: ");
OCT_output(&SubjectSTOct);
printf("SubjectSTOct ASCII: ");
OCT_output_string(&SubjectSTOct);
printf("\n");
#endif
}
if (!strncmp(line, SubjectLStr, strlen(SubjectLStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(SubjectLStr);
OCT_clear(&SubjectLOct);
OCT_jstring(&SubjectLOct,linePtr);
SubjectLOct.len -= 1;
#ifdef DEBUG
printf("SubjectLOct Hex: ");
OCT_output(&SubjectLOct);
printf("SubjectLOct ASCII: ");
OCT_output_string(&SubjectLOct);
printf("\n");
#endif
}
if (!strncmp(line, SubjectOStr, strlen(SubjectOStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(SubjectOStr);
OCT_clear(&SubjectOOct);
OCT_jstring(&SubjectOOct,linePtr);
SubjectOOct.len -= 1;
#ifdef DEBUG
printf("SubjectOOct Hex: ");
OCT_output(&SubjectOOct);
printf("SubjectOOct ASCII: ");
OCT_output_string(&SubjectOOct);
printf("\n");
#endif
}
if (!strncmp(line, SubjectOUStr, strlen(SubjectOUStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(SubjectOUStr);
OCT_clear(&SubjectOUOct);
OCT_jstring(&SubjectOUOct,linePtr);
SubjectOUOct.len -= 1;
#ifdef DEBUG
printf("SubjectOUOct Hex: ");
OCT_output(&SubjectOUOct);
printf("SubjectOUOct ASCII: ");
OCT_output_string(&SubjectOUOct);
printf("\n");
#endif
}
if (!strncmp(line, SubjectCNStr, strlen(SubjectCNStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(SubjectCNStr);
OCT_clear(&SubjectCNOct);
OCT_jstring(&SubjectCNOct,linePtr);
SubjectCNOct.len -= 1;
#ifdef DEBUG
printf("SubjectCNOct Hex: ");
OCT_output(&SubjectCNOct);
printf("SubjectCNOct ASCII: ");
OCT_output_string(&SubjectCNOct);
printf("\n");
#endif
}
if (!strncmp(line, SubjectEmailAddressStr, strlen(SubjectEmailAddressStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(SubjectEmailAddressStr);
OCT_clear(&SubjectEmailAddressOct);
OCT_jstring(&SubjectEmailAddressOct,linePtr);
SubjectEmailAddressOct.len -= 1;
#ifdef DEBUG
printf("SubjectEmailAddressOct Hex: ");
OCT_output(&SubjectEmailAddressOct);
printf("SubjectEmailAddressOct ASCII: ");
OCT_output_string(&SubjectEmailAddressOct);
printf("\n");
#endif
}
if (!strncmp(line, vfStr, strlen(vfStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(vfStr);
OCT_clear(&vfOct);
OCT_jstring(&vfOct,linePtr);
vfOct.len -= 1;
#ifdef DEBUG
printf("vfOct Hex: ");
OCT_output(&vfOct);
printf("vfOct ASCII: ");
OCT_output_string(&vfOct);
printf("\n");
#endif
}
if (!strncmp(line, vtStr, strlen(vtStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
linePtr = line + strlen(vtStr);
OCT_clear(&vtOct);
OCT_jstring(&vtOct,linePtr);
vtOct.len -= 1;
#ifdef DEBUG
printf("vtOct Hex: ");
OCT_output(&vtOct);
printf("vtOct ASCII: ");
OCT_output_string(&vtOct);
printf("\n");
#endif
}
if (!strncmp(line, CERT_PKStr, strlen(CERT_PKStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
// Find hex value in string
linePtr = line + strlen(CERT_PKStr);
// p binary value
l1 = strlen(linePtr)-1;
amcl_hex2bin(linePtr, CERT_PKOct.val, l1);
CERT_PKOct.len = l1/2;
#ifdef DEBUG
printf("CERT_PKOct Hex: ");
OCT_output(&CERT_PKOct);
printf("\n");
#endif
}
// Self-Signed CA cert
if (!strncmp(line, CAStr, strlen(CAStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
// Find base64 value in string
char io[5000];
octet IO= {0,sizeof(io),io};
linePtr = line + strlen(CAStr);
l1 = strlen(linePtr);
char* ca_b64 = (char*) calloc (l1,sizeof(char));
strncpy(ca_b64,linePtr,l1-1);
OCT_frombase64(&IO,ca_b64);
#ifdef DEBUG
printf("CA Self-Signed Cert: \n");
OCT_output(&IO);
printf("\n");
#endif
free(ca_b64);
ca_b64 = NULL;
// returns signature type
st=X509_extract_cert_sig(&IO,&SIG);
if (st.type==0)
{
printf("Unable to extract self-signed cert signature\r\n");
}
if (st.type==ECC)
{
OCT_chop(&SIG,&S,SIG.len/2);
OCT_copy(&R,&SIG);
// printf("SIG: ");
// OCT_output(&R);
// printf("\r\n");
// OCT_output(&S);
// printf("\r\n");
}
if (st.type==RSA)
{
//printf("SIG: ");
//OCT_output(&SIG);
//printf("\r\n");
}
// Extract Cert from signed Cert
X509_extract_cert(&IO,&H);
ca=X509_extract_public_key(&H,&CAKEY);
if (ca.type==0)
{
printf("Not supported by library\n");
exit(EXIT_FAILURE);
}
if (ca.type!=st.type)
{
printf("Not self-signed\n");
exit(EXIT_FAILURE);
}
if (ca.type==ECC)
{
// printf("EXTRACTED ECC CA PUBLIC KEY: ");
// OCT_output(&CAKEY);
// printf("\n");
}
if (ca.type==RSA)
{
// printf("EXTRACTED RSA CA PUBLIC KEY: ");
// OCT_output(&CAKEY);
// printf("\n");
}
// Cert is self-signed - so check signature
// printf("Checking Self-Signed Signature\r\n");
if (ca.type==ECC)
{
if (ca.curve!=CHOICE)
{
printf("TEST X509 ERROR CURVE IS NOT SUPPORTED LINE %d\n",i);
exit(EXIT_FAILURE);
}
int res=ECP_PUBLIC_KEY_VALIDATE(1,&CAKEY);
if (res!=0)
{
printf("TEST X509 ERROR PUBLIC KEY IS INVALID LINE %d\n",i);
exit(EXIT_FAILURE);
}
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("TEST X509 ERROR HASH FUNCTION NOT SUPPORTED LINE %d\n",i);
exit(EXIT_FAILURE);
}
if (ECPVP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
{
printf("X509 ERROR ECDSA VERIFICATION FAILED LINE %d\n",i);
exit(EXIT_FAILURE);
}
}
if (ca.type==RSA)
{
PK.e=65537; // assuming this!
FF_fromOctet(PK.n,&CAKEY,FFLEN);
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("TEST X509 ERROR Hash Function not supported LINE %d\n",i);
exit(EXIT_FAILURE);
}
PKCS15(sha,&H,&HP);
RSA_ENCRYPT(&PK,&SIG,&HH);
if (!OCT_comp(&HP,&HH))
{
printf("TEST X509 ERROR RSA VERIFICATION FAILED LINE %d\n",i);
exit(EXIT_FAILURE);
}
}
}
/////////// CA Signed cert /////////////////
if (!strncmp(line, CERTStr, strlen(CERTStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
// Find base64 value in string
char io[5000];
octet IO= {0,sizeof(io),io};
linePtr = line + strlen(CERTStr);
l1 = strlen(linePtr);
char* cert_b64 = (char*) calloc (l1,sizeof(char));
strncpy(cert_b64,linePtr,l1-1);
OCT_frombase64(&IO,cert_b64);
#ifdef DEBUG
printf("CA Signed Cert: \n");
OCT_output(&IO);
printf("\n");
#endif
free(cert_b64);
cert_b64 = NULL;
// returns signature type
st=X509_extract_cert_sig(&IO,&SIG);
if (st.type==0)
{
printf("TEST X509 ERROR UNABLE TO CHECK CERT SIGNATURE LINE %d\n",i);
exit(EXIT_FAILURE);
}
if (st.type==ECC)
{
OCT_chop(&SIG,&S,SIG.len/2);
OCT_copy(&R,&SIG);
#ifdef DEBUG
printf("ECC SIG: ");
OCT_output(&R);
printf("\r\n");
OCT_output(&S);
printf("\r\n");
#endif
}
#ifdef DEBUG
if (st.type==RSA)
{
printf("RSA SIG: ");
OCT_output(&SIG);
printf("\r\n");
}
#endif
// Extract Cert
int c;
c=X509_extract_cert(&IO,&H);
#ifdef DEBUG
printf("Cert: ");
OCT_output(&H);
printf("\n");
#endif
// Check Details
int ic,len;
// Issuer Details
ic=X509_find_issuer(&H);
c=X509_find_entity_property(&H,&CN,ic,&len);
#ifdef DEBUG
print_out("countryName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&IssuerCOct,c))
{
printf("TEST X509 ERROR IssuerC LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&SN,ic,&len);
#ifdef DEBUG
print_out("stateOrProvinceName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&IssuerSTOct,c))
{
printf("TEST X509 ERROR IssuerST LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&LN,ic,&len);
#ifdef DEBUG
print_out("localityName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&IssuerLOct,c))
{
printf("TEST X509 ERROR IssuerL LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&ON,ic,&len);
#ifdef DEBUG
print_out("organizationName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&IssuerOOct,c))
{
printf("TEST X509 ERROR IssuerO LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&UN,ic,&len);
#ifdef DEBUG
print_out("organizationalUnitName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&IssuerOUOct,c))
{
printf("TEST X509 ERROR IssuerOU LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&MN,ic,&len);
#ifdef DEBUG
print_out("commonName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&IssuerCNOct,c))
{
printf("TEST X509 ERROR IssuerCN LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&EN,ic,&len);
#ifdef DEBUG
print_out("emailAddress: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&IssuerEmailAddressOct,c))
{
printf("TEST X509 ERROR IssuerEmailAddress LINE %d\n",i);
exit(EXIT_FAILURE);
}
// Subject details
#ifdef DEBUG
printf("Subject Details\n");
#endif
ic=X509_find_subject(&H);
c=X509_find_entity_property(&H,&CN,ic,&len);
#ifdef DEBUG
print_out("countryName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&SubjectCOct,c))
{
printf("TEST X509 ERROR SubjectC LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&SN,ic,&len);
#ifdef DEBUG
print_out("stateOrProvinceName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&SubjectSTOct,c))
{
printf("TEST X509 ERROR SubjectST LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&LN,ic,&len);
#ifdef DEBUG
print_out("localityName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&SubjectLOct,c))
{
printf("TEST X509 ERROR SubjectL LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&ON,ic,&len);
#ifdef DEBUG
print_out("organizationName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&SubjectOOct,c))
{
printf("TEST X509 ERROR SubjectO LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&UN,ic,&len);
#ifdef DEBUG
print_out("organizationalUnitName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&SubjectOUOct,c))
{
printf("TEST X509 ERROR SubjectOU LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&MN,ic,&len);
#ifdef DEBUG
print_out("commonName: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&SubjectCNOct,c))
{
printf("TEST X509 ERROR SubjectCN LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_entity_property(&H,&EN,ic,&len);
#ifdef DEBUG
print_out("emailAddress: ",&H,c,len);
printf("\n");
#endif
if (!compare_data(&H,&SubjectEmailAddressOct,c))
{
printf("TEST X509 ERROR SubjectEmailAddress LINE %d\n",i);
exit(EXIT_FAILURE);
}
ic=X509_find_validity(&H);
c=X509_find_start_date(&H,ic);
#ifdef DEBUG
print_date("start date: ",&H,c);
printf("\n");
#endif
if (!compare_data(&H,&vfOct,c))
{
printf("TEST X509 ERROR VALID FROM LINE %d\n",i);
exit(EXIT_FAILURE);
}
c=X509_find_expiry_date(&H,ic);
#ifdef DEBUG
print_date("expiry date: ",&H,c);
printf("\n");
#endif
if (!compare_data(&H,&vtOct,c))
{
printf("TEST X509 ERROR VALID TO LINE %d\n",i);
exit(EXIT_FAILURE);
}
pt=X509_extract_public_key(&H,&CERTKEY);
if (pt.type==0)
{
printf("TEST X509 ERROR NOT SUPPORTED BY LIBRARY LINE %d\n",i);
exit(EXIT_FAILURE);
}
#ifdef DEBUG
if (pt.type==ECC)
{
printf("EXTRACTED ECC PUBLIC KEY: ");
OCT_output(&CERTKEY);
printf("\n");
}
if (pt.type==RSA)
{
printf("EXTRACTED RSA PUBLIC KEY: ");
OCT_output(&CERTKEY);
printf("\n");
}
#endif
if (!compare_data(&CERTKEY,&CERT_PKOct,0))
{
printf("TEST X509 ERROR CERT PUBLIC KEY LINE %d\n",i);
exit(EXIT_FAILURE);
}
// Check CA signature
// printf("Checking CA Signed Signature\n");
#ifdef DEBUG
printf("CA PUBLIC KEY: ");
OCT_output(&CAKEY);
printf("\n");
#endif
if (ca.type==ECC)
{
if (ca.curve!=CHOICE)
{
printf("TEST X509 ERROR CURVE IS NOT SUPPORTED LINE %d\n",i);
exit(EXIT_FAILURE);
}
int res=ECP_PUBLIC_KEY_VALIDATE(1,&CAKEY);
if (res!=0)
{
printf("TEST X509 ERROR PUBLIC KEY IS INVALID LINE %d\n",i);
exit(EXIT_FAILURE);
}
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("TEST X509 ERROR HASH FUNCTION NOT SUPPORTED LINE %d\n",i);
exit(EXIT_FAILURE);
}
if (ECPVP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
{
printf("X509 ERROR ECDSA VERIFICATION FAILED LINE %d\n",i);
exit(EXIT_FAILURE);
}
}
if (ca.type==RSA)
{
PK.e=65537; // assuming this!
FF_fromOctet(PK.n,&CAKEY,FFLEN);
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("TEST X509 ERROR Hash Function not supported LINE %d\n",i);
exit(EXIT_FAILURE);
}
PKCS15(sha,&H,&HP);
RSA_ENCRYPT(&PK,&SIG,&HH);
if (!OCT_comp(&HP,&HH))
{
printf("TEST X509 ERROR RSA VERIFICATION FAILED LINE %d\n",i);
exit(EXIT_FAILURE);
}
}
}
}
fclose(fp);
if (!readLine)
{
printf("X509 ERROR Empty test vector file\n");
exit(EXIT_FAILURE);
}
printf("SUCCESS TEST X509 PASSED\n");
exit(EXIT_SUCCESS);
}