mirror of
https://git.suyu.dev/suyu/mbedtls.git
synced 2026-01-04 13:45:05 +01:00
Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts: include/polarssl/config.h library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c
This commit is contained in:
Paul Bakker
commit
577e006c2f
30 changed files with 1706 additions and 635 deletions
462
tests/compat.sh
462
tests/compat.sh
|
|
@ -2,8 +2,13 @@
|
|||
|
||||
killall -q openssl ssl_server ssl_server2
|
||||
|
||||
let "tests = 0"
|
||||
let "failed = 0"
|
||||
let "skipped = 0"
|
||||
|
||||
MODES="ssl3 tls1 tls1_1 tls1_2"
|
||||
VERIFIES="NO YES"
|
||||
TYPES="ECDSA RSA PSK"
|
||||
OPENSSL=openssl
|
||||
FILTER=""
|
||||
VERBOSE=""
|
||||
|
|
@ -23,6 +28,16 @@ do
|
|||
shift
|
||||
MODES=$1
|
||||
;;
|
||||
-t|--types)
|
||||
# Key exchange types
|
||||
shift
|
||||
TYPES=$1
|
||||
;;
|
||||
-V|--verify)
|
||||
# Verifiction modes
|
||||
shift
|
||||
VERIFIES=$1
|
||||
;;
|
||||
-v|--verbose)
|
||||
# Set verbosity
|
||||
shift
|
||||
|
|
@ -34,6 +49,8 @@ do
|
|||
echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)"
|
||||
echo -e " -h|--help\t\tPrint this help."
|
||||
echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")"
|
||||
echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")"
|
||||
echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")"
|
||||
echo -e " -v|--verbose\t\tSet verbose output."
|
||||
exit 1
|
||||
;;
|
||||
|
|
@ -52,127 +69,6 @@ log () {
|
|||
fi
|
||||
}
|
||||
|
||||
for VERIFY in $VERIFIES;
|
||||
do
|
||||
P_SERVER_ARGS="psk=6162636465666768696a6b6c6d6e6f70"
|
||||
P_CLIENT_ARGS="psk=6162636465666768696a6b6c6d6e6f70"
|
||||
O_SERVER_ARGS="-psk 6162636465666768696a6b6c6d6e6f70"
|
||||
O_CLIENT_ARGS="-psk 6162636465666768696a6b6c6d6e6f70"
|
||||
|
||||
if [ "X$VERIFY" = "XYES" ];
|
||||
then
|
||||
P_SERVER_ARGS="$P_SERVER_ARGS auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt"
|
||||
P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt"
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS -verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key"
|
||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt"
|
||||
fi
|
||||
|
||||
for MODE in $MODES;
|
||||
do
|
||||
echo "Running for $MODE (Verify: $VERIFY)"
|
||||
echo "-----------"
|
||||
|
||||
P_CIPHERS=" \
|
||||
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
||||
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
|
||||
TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-RSA-WITH-AES-256-CBC-SHA \
|
||||
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
|
||||
TLS-RSA-WITH-AES-128-CBC-SHA \
|
||||
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
||||
TLS-RSA-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-RSA-WITH-RC4-128-SHA \
|
||||
TLS-RSA-WITH-RC4-128-MD5 \
|
||||
TLS-RSA-EXPORT-WITH-RC4-40-MD5 \
|
||||
TLS-RSA-WITH-NULL-MD5 \
|
||||
TLS-RSA-WITH-NULL-SHA \
|
||||
TLS-RSA-WITH-DES-CBC-SHA \
|
||||
TLS-DHE-RSA-WITH-DES-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-RC4-128-SHA \
|
||||
TLS-ECDHE-RSA-WITH-NULL-SHA \
|
||||
TLS-PSK-WITH-RC4-128-SHA \
|
||||
TLS-PSK-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
TLS-PSK-WITH-AES-256-CBC-SHA \
|
||||
"
|
||||
|
||||
O_CIPHERS=" \
|
||||
DHE-RSA-AES128-SHA \
|
||||
DHE-RSA-AES256-SHA \
|
||||
DHE-RSA-CAMELLIA128-SHA \
|
||||
DHE-RSA-CAMELLIA256-SHA \
|
||||
EDH-RSA-DES-CBC3-SHA \
|
||||
AES256-SHA \
|
||||
CAMELLIA256-SHA \
|
||||
AES128-SHA \
|
||||
CAMELLIA128-SHA \
|
||||
DES-CBC3-SHA \
|
||||
RC4-SHA \
|
||||
RC4-MD5 \
|
||||
EXP-RC4-MD5 \
|
||||
NULL-MD5 \
|
||||
NULL-SHA \
|
||||
DES-CBC-SHA \
|
||||
EDH-RSA-DES-CBC-SHA \
|
||||
ECDHE-RSA-AES256-SHA \
|
||||
ECDHE-RSA-AES128-SHA \
|
||||
ECDHE-RSA-DES-CBC3-SHA \
|
||||
ECDHE-RSA-RC4-SHA \
|
||||
ECDHE-RSA-NULL-SHA \
|
||||
PSK-RC4-SHA \
|
||||
PSK-3DES-EDE-CBC-SHA \
|
||||
PSK-AES128-CBC-SHA \
|
||||
PSK-AES256-CBC-SHA
|
||||
"
|
||||
|
||||
# Also add SHA256 ciphersuites
|
||||
#
|
||||
if [ "$MODE" = "tls1_2" ];
|
||||
then
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-RSA-WITH-NULL-SHA256 \
|
||||
TLS-RSA-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-RSA-WITH-AES-256-CBC-SHA256 \
|
||||
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
|
||||
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
|
||||
"
|
||||
|
||||
O_CIPHERS="$O_CIPHERS \
|
||||
NULL-SHA256 \
|
||||
AES128-SHA256 \
|
||||
DHE-RSA-AES128-SHA256 \
|
||||
AES256-SHA256 \
|
||||
DHE-RSA-AES256-SHA256 \
|
||||
ECDHE-RSA-AES128-SHA256 \
|
||||
ECDHE-RSA-AES256-SHA384 \
|
||||
"
|
||||
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-RSA-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-RSA-WITH-AES-256-GCM-SHA384 \
|
||||
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
|
||||
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
|
||||
"
|
||||
|
||||
O_CIPHERS="$O_CIPHERS \
|
||||
AES128-GCM-SHA256 \
|
||||
DHE-RSA-AES128-GCM-SHA256 \
|
||||
AES256-GCM-SHA384 \
|
||||
DHE-RSA-AES256-GCM-SHA384 \
|
||||
ECDHE-RSA-AES128-GCM-SHA256 \
|
||||
ECDHE-RSA-AES256-GCM-SHA384 \
|
||||
"
|
||||
fi
|
||||
|
||||
filter()
|
||||
{
|
||||
LIST=$1
|
||||
|
|
@ -188,6 +84,195 @@ filter()
|
|||
echo "$NEW_LIST"
|
||||
}
|
||||
|
||||
for VERIFY in $VERIFIES;
|
||||
do
|
||||
|
||||
if [ "X$VERIFY" = "XYES" ];
|
||||
then
|
||||
P_SERVER_ARGS="ca_file=data_files/test-ca_cat12.crt auth_mode=required"
|
||||
P_CLIENT_ARGS="ca_file=data_files/test-ca_cat12.crt"
|
||||
O_SERVER_ARGS="-CAfile data_files/test-ca_cat12.crt -Verify 10"
|
||||
O_CLIENT_ARGS="-CAfile data_files/test-ca_cat12.crt"
|
||||
else
|
||||
P_SERVER_ARGS=""
|
||||
P_CLIENT_ARGS=""
|
||||
O_SERVER_ARGS=""
|
||||
O_CLIENT_ARGS=""
|
||||
fi
|
||||
|
||||
|
||||
for MODE in $MODES;
|
||||
do
|
||||
echo "-----------"
|
||||
echo "Running for $MODE (Verify: $VERIFY)"
|
||||
echo "-----------"
|
||||
|
||||
for TYPE in $TYPES;
|
||||
do
|
||||
|
||||
case $TYPE in
|
||||
|
||||
"ECDSA")
|
||||
|
||||
P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
|
||||
P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
|
||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
|
||||
|
||||
P_CIPHERS=" \
|
||||
TLS-ECDHE-ECDSA-WITH-NULL-SHA \
|
||||
TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
|
||||
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
|
||||
"
|
||||
|
||||
O_CIPHERS=" \
|
||||
ECDHE-ECDSA-NULL-SHA \
|
||||
ECDHE-ECDSA-RC4-SHA \
|
||||
ECDHE-ECDSA-DES-CBC3-SHA \
|
||||
ECDHE-ECDSA-AES128-SHA \
|
||||
ECDHE-ECDSA-AES256-SHA \
|
||||
"
|
||||
|
||||
if [ "$MODE" = "tls1_2" ];
|
||||
then
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
|
||||
"
|
||||
|
||||
O_CIPHERS=" \
|
||||
ECDHE-ECDSA-AES128-SHA256 \
|
||||
ECDHE-ECDSA-AES256-SHA384 \
|
||||
ECDHE-ECDSA-AES128-GCM-SHA256 \
|
||||
ECDHE-ECDSA-AES256-GCM-SHA384 \
|
||||
"
|
||||
fi
|
||||
|
||||
;;
|
||||
|
||||
"RSA")
|
||||
|
||||
P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
|
||||
P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server1.crt -key data_files/server1.key"
|
||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server2.crt -key data_files/server2.key"
|
||||
|
||||
P_CIPHERS=" \
|
||||
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
||||
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
|
||||
TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-RSA-WITH-AES-256-CBC-SHA \
|
||||
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
|
||||
TLS-RSA-WITH-AES-128-CBC-SHA \
|
||||
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
||||
TLS-RSA-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-RSA-WITH-RC4-128-SHA \
|
||||
TLS-RSA-WITH-RC4-128-MD5 \
|
||||
TLS-RSA-EXPORT-WITH-RC4-40-MD5 \
|
||||
TLS-RSA-WITH-NULL-MD5 \
|
||||
TLS-RSA-WITH-NULL-SHA \
|
||||
TLS-RSA-WITH-DES-CBC-SHA \
|
||||
TLS-DHE-RSA-WITH-DES-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-RC4-128-SHA \
|
||||
TLS-ECDHE-RSA-WITH-NULL-SHA \
|
||||
"
|
||||
|
||||
O_CIPHERS=" \
|
||||
DHE-RSA-AES128-SHA \
|
||||
DHE-RSA-AES256-SHA \
|
||||
DHE-RSA-CAMELLIA128-SHA \
|
||||
DHE-RSA-CAMELLIA256-SHA \
|
||||
EDH-RSA-DES-CBC3-SHA \
|
||||
AES256-SHA \
|
||||
CAMELLIA256-SHA \
|
||||
AES128-SHA \
|
||||
CAMELLIA128-SHA \
|
||||
DES-CBC3-SHA \
|
||||
RC4-SHA \
|
||||
RC4-MD5 \
|
||||
EXP-RC4-MD5 \
|
||||
NULL-MD5 \
|
||||
NULL-SHA \
|
||||
DES-CBC-SHA \
|
||||
EDH-RSA-DES-CBC-SHA \
|
||||
ECDHE-RSA-AES256-SHA \
|
||||
ECDHE-RSA-AES128-SHA \
|
||||
ECDHE-RSA-DES-CBC3-SHA \
|
||||
ECDHE-RSA-RC4-SHA \
|
||||
ECDHE-RSA-NULL-SHA \
|
||||
"
|
||||
|
||||
if [ "$MODE" = "tls1_2" ];
|
||||
then
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-RSA-WITH-NULL-SHA256 \
|
||||
TLS-RSA-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-RSA-WITH-AES-256-CBC-SHA256 \
|
||||
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
|
||||
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
|
||||
TLS-RSA-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-RSA-WITH-AES-256-GCM-SHA384 \
|
||||
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
|
||||
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
|
||||
"
|
||||
|
||||
O_CIPHERS="$O_CIPHERS \
|
||||
NULL-SHA256 \
|
||||
AES128-SHA256 \
|
||||
DHE-RSA-AES128-SHA256 \
|
||||
AES256-SHA256 \
|
||||
DHE-RSA-AES256-SHA256 \
|
||||
ECDHE-RSA-AES128-SHA256 \
|
||||
ECDHE-RSA-AES256-SHA384 \
|
||||
AES128-GCM-SHA256 \
|
||||
DHE-RSA-AES128-GCM-SHA256 \
|
||||
AES256-GCM-SHA384 \
|
||||
DHE-RSA-AES256-GCM-SHA384 \
|
||||
ECDHE-RSA-AES128-GCM-SHA256 \
|
||||
ECDHE-RSA-AES256-GCM-SHA384 \
|
||||
"
|
||||
fi
|
||||
|
||||
;;
|
||||
|
||||
"PSK")
|
||||
|
||||
P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70"
|
||||
P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70"
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
|
||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
|
||||
|
||||
P_CIPHERS=" \
|
||||
TLS-PSK-WITH-RC4-128-SHA \
|
||||
TLS-PSK-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
TLS-PSK-WITH-AES-256-CBC-SHA \
|
||||
"
|
||||
|
||||
O_CIPHERS=" \
|
||||
PSK-RC4-SHA \
|
||||
PSK-3DES-EDE-CBC-SHA \
|
||||
PSK-AES128-CBC-SHA \
|
||||
PSK-AES256-CBC-SHA \
|
||||
"
|
||||
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
# Filter ciphersuites
|
||||
if [ "X" != "X$FILTER" ];
|
||||
then
|
||||
|
|
@ -197,13 +282,14 @@ fi
|
|||
|
||||
|
||||
log "$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE"
|
||||
$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE &
|
||||
$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE >/dev/null 2>&1 &
|
||||
PROCESS_ID=$!
|
||||
|
||||
sleep 1
|
||||
|
||||
for i in $P_CIPHERS;
|
||||
do
|
||||
let "tests++"
|
||||
log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE"
|
||||
RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )"
|
||||
EXIT=$?
|
||||
|
|
@ -211,10 +297,12 @@ do
|
|||
if [ "$EXIT" = "2" ];
|
||||
then
|
||||
echo Ciphersuite not supported in client
|
||||
let "skipped++"
|
||||
elif [ "$EXIT" != "0" ];
|
||||
then
|
||||
echo Failed
|
||||
echo $RESULT
|
||||
let "failed++"
|
||||
else
|
||||
echo Success
|
||||
fi
|
||||
|
|
@ -230,6 +318,7 @@ sleep 1
|
|||
|
||||
for i in $O_CIPHERS;
|
||||
do
|
||||
let "tests++"
|
||||
log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS"
|
||||
RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
|
||||
EXIT=$?
|
||||
|
|
@ -241,11 +330,13 @@ do
|
|||
if [ "X$SUPPORTED" != "X" ]
|
||||
then
|
||||
echo "Ciphersuite not supported in server"
|
||||
let "skipped++"
|
||||
else
|
||||
echo Failed
|
||||
echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS
|
||||
echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS
|
||||
echo $RESULT
|
||||
let "failed++"
|
||||
fi
|
||||
else
|
||||
echo Success
|
||||
|
|
@ -261,49 +352,72 @@ PROCESS_ID=$!
|
|||
|
||||
sleep 1
|
||||
|
||||
# OpenSSL does not support RFC5246 and RFC6367 Camellia ciphers with SHA256
|
||||
# or SHA384
|
||||
# Add for PolarSSL only test, which does support them.
|
||||
#
|
||||
if [ "$MODE" = "tls1_2" ];
|
||||
then
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
|
||||
TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||
TLS-PSK-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
TLS-PSK-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-PSK-WITH-AES-256-GCM-SHA384 \
|
||||
TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
|
||||
TLS-PSK-WITH-NULL-SHA256 \
|
||||
TLS-PSK-WITH-NULL-SHA384 \
|
||||
TLS-DHE-PSK-WITH-NULL-SHA256 \
|
||||
TLS-DHE-PSK-WITH-NULL-SHA384 \
|
||||
TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||
TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||
TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||
TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||
"
|
||||
fi
|
||||
# Add ciphersuites supported by PolarSSL only
|
||||
|
||||
# OpenSSL does not support DHE-PSK ciphers
|
||||
# Add for PolarSSL only test, which does support them.
|
||||
#
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-DHE-PSK-WITH-RC4-128-SHA \
|
||||
TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
|
||||
TLS-PSK-WITH-NULL-SHA \
|
||||
TLS-DHE-PSK-WITH-NULL-SHA \
|
||||
"
|
||||
case $TYPE in
|
||||
|
||||
"ECDSA")
|
||||
|
||||
if [ "$MODE" = "tls1_2" ];
|
||||
then
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||
"
|
||||
fi
|
||||
|
||||
;;
|
||||
|
||||
"RSA")
|
||||
|
||||
if [ "$MODE" = "tls1_2" ];
|
||||
then
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
|
||||
TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||
"
|
||||
fi
|
||||
|
||||
;;
|
||||
|
||||
"PSK")
|
||||
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-DHE-PSK-WITH-RC4-128-SHA \
|
||||
TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
|
||||
TLS-PSK-WITH-NULL-SHA \
|
||||
TLS-DHE-PSK-WITH-NULL-SHA \
|
||||
"
|
||||
|
||||
if [ "$MODE" = "tls1_2" ];
|
||||
then
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-PSK-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
TLS-PSK-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-PSK-WITH-AES-256-GCM-SHA384 \
|
||||
TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
|
||||
TLS-PSK-WITH-NULL-SHA256 \
|
||||
TLS-PSK-WITH-NULL-SHA384 \
|
||||
TLS-DHE-PSK-WITH-NULL-SHA256 \
|
||||
TLS-DHE-PSK-WITH-NULL-SHA384 \
|
||||
TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||
TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||
TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||
TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||
"
|
||||
fi
|
||||
|
||||
esac
|
||||
|
||||
# Filter ciphersuites
|
||||
if [ "X" != "X$FILTER" ];
|
||||
|
|
@ -314,6 +428,7 @@ fi
|
|||
|
||||
for i in $P_CIPHERS;
|
||||
do
|
||||
let "tests++"
|
||||
log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS"
|
||||
RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )"
|
||||
EXIT=$?
|
||||
|
|
@ -321,10 +436,12 @@ do
|
|||
if [ "$EXIT" = "2" ];
|
||||
then
|
||||
echo Ciphersuite not supported in client
|
||||
let "skipped++"
|
||||
elif [ "$EXIT" != "0" ];
|
||||
then
|
||||
echo Failed
|
||||
echo $RESULT
|
||||
let "failed++"
|
||||
else
|
||||
echo Success
|
||||
fi
|
||||
|
|
@ -334,3 +451,20 @@ wait $PROCESS_ID 2>/dev/null
|
|||
|
||||
done
|
||||
done
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo ""
|
||||
|
||||
if (( failed != 0 ));
|
||||
then
|
||||
echo -n "FAILED"
|
||||
else
|
||||
echo -n "PASSED"
|
||||
fi
|
||||
|
||||
let "passed = tests - failed"
|
||||
echo " ($passed / $tests tests ($skipped skipped))"
|
||||
|
||||
exit $failed
|
||||
|
|
|
|||
|
|
@ -463,23 +463,18 @@ Test GCD #1
|
|||
mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1"
|
||||
|
||||
Base test mpi_inv_mod #1
|
||||
depends_on:POLARSSL_GENPRIME
|
||||
mpi_inv_mod:10:"3":10:"11":10:"4":0
|
||||
|
||||
Base test mpi_inv_mod #2
|
||||
depends_on:POLARSSL_GENPRIME
|
||||
mpi_inv_mod:10:"3":10:"0":10:"0":POLARSSL_ERR_MPI_BAD_INPUT_DATA
|
||||
|
||||
Base test mpi_inv_mod #3
|
||||
depends_on:POLARSSL_GENPRIME
|
||||
mpi_inv_mod:10:"3":10:"-11":10:"4":POLARSSL_ERR_MPI_BAD_INPUT_DATA
|
||||
|
||||
Base test mpi_inv_mod #4
|
||||
depends_on:POLARSSL_GENPRIME
|
||||
mpi_inv_mod:10:"2":10:"4":10:"0":POLARSSL_ERR_MPI_NOT_ACCEPTABLE
|
||||
|
||||
Test mpi_inv_mod #1
|
||||
depends_on:POLARSSL_GENPRIME
|
||||
mpi_inv_mod:16:"aa4df5cb14b4c31237f98bd1faf527c283c2d0f3eec89718664ba33f9762907c":16:"fffbbd660b94412ae61ead9c2906a344116e316a256fd387874c6c675b1d587d":16:"8d6a5c1d7adeae3e94b9bcd2c47e0d46e778bc8804a2cc25c02d775dc3d05b0c":0
|
||||
|
||||
Base test mpi_is_prime #1
|
||||
|
|
|
|||
|
|
@ -634,7 +634,7 @@ void mpi_inv_mod( int radix_X, char *input_X, int radix_Y, char *input_Y,
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
/* BEGIN_CASE depends_on:POLARSSL_GENPRIME */
|
||||
void mpi_is_prime( int radix_X, char *input_X, int div_result )
|
||||
{
|
||||
mpi X;
|
||||
|
|
|
|||
|
|
@ -303,43 +303,43 @@ depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP521R
|
|||
x509parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0
|
||||
|
||||
X509 Get Distinguished Name #1
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
|
||||
x509_dn_gets:"data_files/server1.crt":"subject":"C=NL, O=PolarSSL, CN=PolarSSL Server 1"
|
||||
|
||||
X509 Get Distinguished Name #2
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
|
||||
x509_dn_gets:"data_files/server1.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
|
||||
|
||||
X509 Get Distinguished Name #3
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
|
||||
x509_dn_gets:"data_files/server2.crt":"subject":"C=NL, O=PolarSSL, CN=localhost"
|
||||
|
||||
X509 Get Distinguished Name #4
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
|
||||
x509_dn_gets:"data_files/server2.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
|
||||
|
||||
X509 Time Expired #1
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
|
||||
x509_time_expired:"data_files/server1.crt":"valid_from":1
|
||||
|
||||
X509 Time Expired #2
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
|
||||
x509_time_expired:"data_files/server1.crt":"valid_to":0
|
||||
|
||||
X509 Time Expired #3
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
|
||||
x509_time_expired:"data_files/server2.crt":"valid_from":1
|
||||
|
||||
X509 Time Expired #4
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
|
||||
x509_time_expired:"data_files/server2.crt":"valid_to":0
|
||||
|
||||
X509 Time Expired #5
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
|
||||
x509_time_expired:"data_files/test-ca.crt":"valid_from":1
|
||||
|
||||
X509 Time Expired #6
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
|
||||
x509_time_expired:"data_files/test-ca.crt":"valid_to":0
|
||||
|
||||
X509 Certificate verification #1 (Revoked Cert, Expired CRL)
|
||||
|
|
@ -686,114 +686,151 @@ X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start)
|
|||
x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_INVALID_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring tag)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid mpi)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, pubkey, total length mismatch)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"30753073a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300d06092A864886F70D0101010500030b0030080202ffff0202ffff00":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, pubkey, check failed)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff":"":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, pubkey, check failed, expanded length notation)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff":"":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, Optional UIDs, Extensions not present)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, issuerID wrong tag)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308184308181a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, UIDs, no ext)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bb":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, UIDs, invalid length)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185aaa201bb":"":POLARSSL_ERR_ASN1_INVALID_LENGTH
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, ext empty)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"30818b308188a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba300":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, ext length mismatch)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"30818e30818ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba303300000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, first ext invalid)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"30818f30818ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30330023000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, first ext invalid tag)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"30819030818da0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba3043002310000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, data missing)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30080603551d1301010100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no octet present)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30d300b30090603551d1301010100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet data missing)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"30819c308199a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba311300f300d0603551d130101010403300100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no pathlen)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"30819f30819ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba314301230100603551d130101010406300402010102":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet len mismatch)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (correct pubkey, no sig_alg)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (sig_alg mismatch)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0102020500":"":POLARSSL_ERR_X509_CERT_SIG_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (sig_alg, no sig)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (signature, invalid sig data)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_INVALID_DATA
|
||||
|
||||
X509 Certificate ASN1 (signature, data left)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (correct)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
||||
|
||||
X509 Certificate ASN1 (GeneralizedTime instead of UTCTime)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
||||
|
||||
X509 Certificate ASN1 (Name with X520 CN)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
||||
|
||||
X509 Certificate ASN1 (Name with X520 C)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
||||
|
||||
X509 Certificate ASN1 (Name with X520 L)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
||||
|
||||
X509 Certificate ASN1 (Name with X520 ST)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
||||
|
||||
X509 Certificate ASN1 (Name with X520 O)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
||||
|
||||
X509 Certificate ASN1 (Name with X520 OU)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
||||
|
||||
X509 Certificate ASN1 (Name with unknown X520 part)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
||||
|
||||
X509 Certificate ASN1 (Name with PKCS9 email)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
||||
|
||||
X509 Certificate ASN1 (Name with unknown PKCS9 part)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
||||
|
||||
X509 Certificate ASN1 (ECDSA signature, RSA key)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"3081E630819E020103300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343631385A170D3233303730383039343631385A300F310D300B0603550403130454657374304C300D06092A864886F70D0101010500033B003038023100E8F546061D3B49BC2F6B7524B7EA4D73A8D5293EE8C64D9407B70B5D16BAEBC32B8205591EAB4E1EB57E9241883701250203010001300906072A8648CE3D0401033800303502186E18209AFBED14A0D9A796EFCAD68891E3CCD5F75815C833021900E92B4FD460B1994693243B9FFAD54729DE865381BDA41D25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0
|
||||
|
||||
X509 Certificate ASN1 (ECDSA signature, EC key)
|
||||
|
|
|
|||
|
|
@ -165,7 +165,7 @@ void x509_time_expired( char *crt_file, char *entity, int result )
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
/* BEGIN_CASE depends_on:POLARSSL_RSA_C */
|
||||
void x509parse_keyfile_rsa( char *key_file, char *password, int result )
|
||||
{
|
||||
rsa_context rsa;
|
||||
|
|
@ -190,7 +190,7 @@ void x509parse_keyfile_rsa( char *key_file, char *password, int result )
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
/* BEGIN_CASE depends_on:POLARSSL_RSA_C */
|
||||
void x509parse_public_keyfile_rsa( char *key_file, int result )
|
||||
{
|
||||
rsa_context rsa;
|
||||
|
|
@ -317,7 +317,7 @@ void x509parse_crl( char *crl_data, char *result_str, int result )
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
/* BEGIN_CASE depends_on:POLARSSL_RSA_C */
|
||||
void x509parse_key_rsa( char *key_data, char *result_str, int result )
|
||||
{
|
||||
rsa_context rsa;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue