Blame - programs/test/ssl_cert_test.c - mirror/mbed-tls

blob: 7ec337037829dce1a8fc415f515986dceab8619b [file] [log] [blame]

Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	1	/*
				2	* SSL certificate functionality tests
				3	*
				4	* Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
				5	*
				6	* This program is free software; you can redistribute it and/or modify
				7	* it under the terms of the GNU General Public License as published by
				8	* the Free Software Foundation; either version 2 of the License, or
				9	* (at your option) any later version.
				10	*
				11	* This program is distributed in the hope that it will be useful,
				12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				14	* GNU General Public License for more details.
				15	*
				16	* You should have received a copy of the GNU General Public License along
				17	* with this program; if not, write to the Free Software Foundation, Inc.,
				18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				19	*/
				20
				21	#ifndef _CRT_SECURE_NO_DEPRECATE
				22	#define _CRT_SECURE_NO_DEPRECATE 1
				23	#endif
				24
				25	#include <string.h>
				26	#include <stdio.h>
				27
				28	#include "polarssl/certs.h"
				29	#include "polarssl/x509.h"
				30
				31	#define MAX_CLIENT_CERTS 6
				32
				33	char *client_certificates[MAX_CLIENT_CERTS] =
				34	{
				35	"client1.crt",
				36	"client2.crt",
				37	"cert_sha224.crt",
				38	"cert_sha256.crt",
				39	"cert_sha384.crt",
				40	"cert_sha512.crt"
				41	};
				42
Paul Bakker	a1d3e5f	2009-03-28 17:30:26 +0000	[diff] [blame]	43	char *client_private_keys[MAX_CLIENT_CERTS] =
				44	{
				45	"client1.key",
				46	"client2.key",
				47	"cert_sha224.key",
				48	"cert_sha256.key",
				49	"cert_sha384.key",
				50	"cert_sha512.key"
				51	};
				52
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	53	int main( void )
				54	{
				55	int ret, i;
				56	x509_cert cacert, clicert;
Paul Bakker	a1d3e5f	2009-03-28 17:30:26 +0000	[diff] [blame]	57	rsa_context rsa;
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	58
				59	/*
				60	* 1.1. Load the trusted CA
				61	*/
				62	printf( "\n . Loading the CA root certificate ..." );
				63	fflush( stdout );
				64
				65	memset( &cacert, 0, sizeof( x509_cert ) );
				66
				67	/*
				68	* Alternatively, you may load the CA certificates from a .pem or
				69	* .crt file by calling x509parse_crtfile( &cacert, "myca.crt" ).
				70	*/
				71	ret = x509parse_crtfile( &cacert, "ssl/test-ca/test-ca.crt" );
				72	if( ret != 0 )
				73	{
				74	printf( " failed\n ! x509parse_crtfile returned %d\n\n", ret );
				75	goto exit;
				76	}
				77
				78	printf( " ok\n" );
				79
				80	for( i = 0; i < MAX_CLIENT_CERTS; i++ )
				81	{
				82	/*
Paul Bakker	a1d3e5f	2009-03-28 17:30:26 +0000	[diff] [blame]	83	* 1.2. Load own certificate
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	84	*/
				85	char name[512];
				86	snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]);
				87
				88	printf( " . Loading the client certificatei %s...", name );
				89	fflush( stdout );
				90
				91	memset( &clicert, 0, sizeof( x509_cert ) );
				92
				93	ret = x509parse_crtfile( &clicert, name );
				94	if( ret != 0 )
				95	{
				96	printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
				97	goto exit;
				98	}
				99
				100	printf( " ok\n" );
				101
				102	/*
Paul Bakker	a1d3e5f	2009-03-28 17:30:26 +0000	[diff] [blame]	103	* 1.3. Verify certificate validity with CA certificate
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	104	*/
Paul Bakker	a1d3e5f	2009-03-28 17:30:26 +0000	[diff] [blame]	105	printf( " . Verify the client certificate with CA certificate..." );
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	106	fflush( stdout );
				107
				108	int flags;
				109
				110	ret = x509parse_verify( &clicert, &cacert, NULL, &flags );
				111	if( ret != 0 )
				112	{
				113	printf( " failed\n ! x509parse_verify returned %d\n\n", ret );
				114	goto exit;
				115	}
				116
				117	printf( " ok\n" );
Paul Bakker	a1d3e5f	2009-03-28 17:30:26 +0000	[diff] [blame]	118
				119	/*
				120	* 1.4. Load own private key
				121	*/
				122	snprintf(name, 512, "ssl/test-ca/%s", client_private_keys[i]);
				123
				124	printf( " . Loading the client private key %s...", name );
				125	fflush( stdout );
				126
				127	memset( &rsa, 0, sizeof( rsa_context ) );
				128
				129	ret = x509parse_keyfile( &rsa, name, NULL );
				130	if( ret != 0 )
				131	{
				132	printf( " failed\n ! x509parse_key returned %d\n\n", ret );
				133	goto exit;
				134	}
				135
				136	printf( " ok\n" );
				137
				138	/*
				139	* 1.4. Verify certificate validity with private key
				140	*/
				141	printf( " . Verify the client certificate with private key..." );
				142	fflush( stdout );
				143
				144	ret = mpi_cmp_mpi(&rsa.N, &clicert.rsa.N);
				145	if( ret != 0 )
				146	{
				147	printf( " failed\n ! mpi_cmp_mpi for N returned %d\n\n", ret );
				148	goto exit;
				149	}
				150
				151	ret = mpi_cmp_mpi(&rsa.E, &clicert.rsa.E);
				152	if( ret != 0 )
				153	{
				154	printf( " failed\n ! mpi_cmp_mpi for E returned %d\n\n", ret );
				155	goto exit;
				156	}
				157
				158	ret = rsa_check_privkey( &rsa );
				159	if( ret != 0 )
				160	{
				161	printf( " failed\n ! rsa_check_privkey returned %d\n\n", ret );
				162	goto exit;
				163	}
				164
				165	printf( " ok\n" );
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	166	}
				167
				168	exit:
				169	x509_free( &clicert );
				170	x509_free( &cacert );
				171
				172	#ifdef WIN32
				173	printf( " + Press Enter to exit this program.\n" );
				174	fflush( stdout ); getchar();
				175	#endif
				176
				177	return( ret );
				178	}