TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 2c0994e9734c2154152220fa542afa3a2a76d397 / . / programs / test / ssl_cert_test.c
blob: 6166150f827d08ede94a0e305351759600054adf [file] [log] [blame]
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]1/*
2 * SSL certificate functionality tests
3 *
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]4 * Copyright (C) 2006-2010, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#ifndef _CRT_SECURE_NO_DEPRECATE
27#define _CRT_SECURE_NO_DEPRECATE 1
28#endif
29
30#include <string.h>
31#include <stdio.h>
32
33#include "polarssl/certs.h"
34#include "polarssl/x509.h"
35
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]36#if defined _MSC_VER && !defined snprintf
37#define snprintf _snprintf
38#endif
39
Paul Bakker40ea7de2009-05-03 10:18:48 +0000[diff] [blame]40#define MAX_CLIENT_CERTS 8
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]41
42char *client_certificates[MAX_CLIENT_CERTS] =
43{
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]44 "client1.crt",
45 "client2.crt",
Paul Bakker40ea7de2009-05-03 10:18:48 +0000[diff] [blame]46 "server1.crt",
47 "server2.crt",
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]48 "cert_sha224.crt",
49 "cert_sha256.crt",
50 "cert_sha384.crt",
51 "cert_sha512.crt"
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]52};
53
Paul Bakkera1d3e5f2009-03-28 17:30:26 +0000[diff] [blame]54char *client_private_keys[MAX_CLIENT_CERTS] =
55{
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]56 "client1.key",
57 "client2.key",
Paul Bakker40ea7de2009-05-03 10:18:48 +0000[diff] [blame]58 "server1.key",
59 "server2.key",
Paul Bakkerf17ed282011-02-09 17:10:48 +0000[diff] [blame]60 "cert_digest.key",
61 "cert_digest.key",
62 "cert_digest.key",
63 "cert_digest.key"
Paul Bakkera1d3e5f2009-03-28 17:30:26 +0000[diff] [blame]64};
65
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]66int main( void )
67{
68 int ret, i;
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]69 x509_cert cacert;
70 x509_crl crl;
71 char buf[10240];
72
73 memset( &cacert, 0, sizeof( x509_cert ) );
74 memset( &crl, 0, sizeof( x509_crl ) );
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]75
76 /*
77 * 1.1. Load the trusted CA
78 */
79 printf( "\n . Loading the CA root certificate ..." );
80 fflush( stdout );
81
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]82 /*
83 * Alternatively, you may load the CA certificates from a .pem or
84 * .crt file by calling x509parse_crtfile( &cacert, "myca.crt" ).
85 */
86 ret = x509parse_crtfile( &cacert, "ssl/test-ca/test-ca.crt" );
87 if( ret != 0 )
88 {
89 printf( " failed\n ! x509parse_crtfile returned %d\n\n", ret );
90 goto exit;
91 }
92
93 printf( " ok\n" );
94
Paul Bakker40ea7de2009-05-03 10:18:48 +0000[diff] [blame]95 x509parse_cert_info( buf, 1024, "CRT: ", &cacert );
96 printf("%s\n", buf );
97
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]98 /*
99 * 1.2. Load the CRL
100 */
101 printf( " . Loading the CRL ..." );
102 fflush( stdout );
103
104 ret = x509parse_crlfile( &crl, "ssl/test-ca/crl.pem" );
105 if( ret != 0 )
106 {
107 printf( " failed\n ! x509parse_crlfile returned %d\n\n", ret );
108 goto exit;
109 }
110
111 printf( " ok\n" );
112
113 x509parse_crl_info( buf, 1024, "CRL: ", &crl );
114 printf("%s\n", buf );
115
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]116 for( i = 0; i < MAX_CLIENT_CERTS; i++ )
117 {
118 /*
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]119 * 1.3. Load own certificate
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]120 */
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]121 char name[512];
122 int flags;
123 x509_cert clicert;
124 rsa_context rsa;
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]125
126 memset( &clicert, 0, sizeof( x509_cert ) );
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]127 memset( &rsa, 0, sizeof( rsa_context ) );
128
129 snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]);
130
131 printf( " . Loading the client certificate %s...", name );
132 fflush( stdout );
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]133
134 ret = x509parse_crtfile( &clicert, name );
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]135 if( ret != 0 )
136 {
137 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
138 goto exit;
139 }
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]140
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]141 printf( " ok\n" );
Paul Bakkera1d3e5f2009-03-28 17:30:26 +0000[diff] [blame]142
143 /*
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]144 * 1.4. Verify certificate validity with CA certificate
Paul Bakkera1d3e5f2009-03-28 17:30:26 +0000[diff] [blame]145 */
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]146 printf( " . Verify the client certificate with CA certificate..." );
147 fflush( stdout );
148
Paul Bakkerb63b0af2011-01-13 17:54:59 +0000[diff] [blame]149 ret = x509parse_verify( &clicert, &cacert, &crl, NULL, &flags, NULL, NULL );
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]150 if( ret != 0 )
151 {
Paul Bakker40ea7de2009-05-03 10:18:48 +0000[diff] [blame]152 if( ret == POLARSSL_ERR_X509_CERT_VERIFY_FAILED )
153 {
Paul Bakker860d36b2009-05-03 17:29:56 +0000[diff] [blame]154 if( flags & BADCERT_CN_MISMATCH )
155 printf( " CN_MISMATCH " );
156 if( flags & BADCERT_EXPIRED )
157 printf( " EXPIRED " );
158 if( flags & BADCERT_REVOKED )
Paul Bakker40ea7de2009-05-03 10:18:48 +0000[diff] [blame]159 printf( " REVOKED " );
Paul Bakker860d36b2009-05-03 17:29:56 +0000[diff] [blame]160 if( flags & BADCERT_NOT_TRUSTED )
161 printf( " NOT_TRUSTED " );
162 if( flags & BADCRL_NOT_TRUSTED )
163 printf( " CRL_NOT_TRUSTED " );
164 if( flags & BADCRL_EXPIRED )
165 printf( " CRL_EXPIRED " );
Paul Bakker40ea7de2009-05-03 10:18:48 +0000[diff] [blame]166 } else {
167 printf( " failed\n ! x509parse_verify returned %d\n\n", ret );
168 goto exit;
169 }
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]170 }
171
172 printf( " ok\n" );
173
174 /*
175 * 1.5. Load own private key
176 */
177 snprintf(name, 512, "ssl/test-ca/%s", client_private_keys[i]);
Paul Bakkera1d3e5f2009-03-28 17:30:26 +0000[diff] [blame]178
179 printf( " . Loading the client private key %s...", name );
180 fflush( stdout );
181
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]182 ret = x509parse_keyfile( &rsa, name, NULL );
183 if( ret != 0 )
184 {
185 printf( " failed\n ! x509parse_key returned %d\n\n", ret );
186 goto exit;
187 }
Paul Bakkera1d3e5f2009-03-28 17:30:26 +0000[diff] [blame]188
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]189 printf( " ok\n" );
Paul Bakkera1d3e5f2009-03-28 17:30:26 +0000[diff] [blame]190
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]191 /*
192 * 1.5. Verify certificate validity with private key
193 */
194 printf( " . Verify the client certificate with private key..." );
195 fflush( stdout );
Paul Bakkera1d3e5f2009-03-28 17:30:26 +0000[diff] [blame]196
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]197 ret = mpi_cmp_mpi(&rsa.N, &clicert.rsa.N);
198 if( ret != 0 )
199 {
200 printf( " failed\n ! mpi_cmp_mpi for N returned %d\n\n", ret );
201 goto exit;
202 }
Paul Bakkera1d3e5f2009-03-28 17:30:26 +0000[diff] [blame]203
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]204 ret = mpi_cmp_mpi(&rsa.E, &clicert.rsa.E);
205 if( ret != 0 )
206 {
207 printf( " failed\n ! mpi_cmp_mpi for E returned %d\n\n", ret );
208 goto exit;
209 }
Paul Bakkera1d3e5f2009-03-28 17:30:26 +0000[diff] [blame]210
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]211 ret = rsa_check_privkey( &rsa );
212 if( ret != 0 )
213 {
214 printf( " failed\n ! rsa_check_privkey returned %d\n\n", ret );
215 goto exit;
216 }
Paul Bakkera1d3e5f2009-03-28 17:30:26 +0000[diff] [blame]217
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]218 printf( " ok\n" );
Paul Bakkera1d3e5f2009-03-28 17:30:26 +0000[diff] [blame]219
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]220 x509_free( &clicert );
221 rsa_free( &rsa );
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]222 }
223
224exit:
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]225 x509_free( &cacert );
Paul Bakkerd98030e2009-05-02 15:13:40 +0000[diff] [blame]226 x509_crl_free( &crl );
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]227
228#ifdef WIN32
229 printf( " + Press Enter to exit this program.\n" );
230 fflush( stdout ); getchar();
231#endif
232
233 return( ret );
234}