1 /* $Id: eaytest.c,v 1.20 2004/11/18 15:14:44 ludvigm Exp $ */
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/types.h>
36 #include <sys/socket.h>
38 #include <netinet/in.h>
49 #include <openssl/bio.h>
50 #include <openssl/pem.h>
61 #include "crypto_openssl.h"
64 #include "../../package_version.h"
66 #define PVDUMP(var) hexdump((var)->v, (var)->l)
68 /*#define CERTTEST_BROKEN */
72 static vchar_t *pem_read_buf __P((char *));
73 void Usage __P((void));
75 int rsatest __P((int, char **));
76 int ciphertest __P((int, char **));
77 int hmactest __P((int, char **));
78 int sha1test __P((int, char **));
79 int md5test __P((int, char **));
80 int dhtest __P((int, char **));
81 int bntest __P((int, char **));
82 #ifndef CERTTEST_BROKEN
83 static char **getcerts __P((char *));
84 int certtest __P((int, char **));
90 rsa_verify_with_pubkey(src, sig, pubkey_txt)
98 bio = BIO_new_mem_buf(pubkey_txt, strlen(pubkey_txt));
99 evp = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
101 printf ("PEM_read_PUBKEY(): %s\n", eay_strerror());
104 error = eay_check_rsasign(src, sig, evp->pkey.rsa);
114 char *text = "this is test.";
120 "-----BEGIN RSA PRIVATE KEY-----\n"
121 "MIICXQIBAAKBgQChe5/Fzk9SA0vCKBOcu9jBcLb9oLv50PeuEfQojhakY+OH8A3Q\n"
122 "M8A0qIDG6uhTNGPvzCWb/+mKeOB48n5HJpLxlDFyP3kyd2yXHIZ/MN8g1nh4FsB0\n"
123 "iTkk8QUCJkkan6FCOBrIeLEsGA5AdodzuR+khnCMt8vO+NFHZYKAQeynyQIDAQAB\n"
124 "AoGAOfDcnCHxjhDGrwyoNNWl6Yqi7hAtQm67YAbrH14UO7nnmxAENM9MyNgpFLaW\n"
125 "07v5m8IZQIcradcDXAJOUwNBN8E06UflwEYCaScIwndvr5UpVlN3e2NC6Wyg2yC7\n"
126 "GarxQput3zj35XNR5bK42UneU0H6zDxpHWqI1SwE+ToAHu0CQQDNl9gUJTpg0L09\n"
127 "HkbE5jeb8bA5I20nKqBOBP0v5tnzpwu41umQwk9I7Ru0ucD7j+DW4k8otadW+FnI\n"
128 "G1M1MpSjAkEAyRMt4bN8otfpOpsOQWzw4jQtouohOxRFCrQTntHhU20PrQnQLZWs\n"
129 "pOVzqCjRytYtkPEUA1z8QK5gGcVPcOQsowJBALmt2rwPB1NrEo5Bat7noO+Zb3Ob\n"
130 "WDiYWeE8xkHd95gDlSWiC53ur9aINo6ZeP556jGIgL+el/yHHecJLrQL84sCQH48\n"
131 "zUxq/C/cb++8UzneJGlPqusiJNTLiAENR1gpmlZfHT1c8Nb9phMsfu0vG29GAfuC\n"
132 "bzchVLljALCNQK+2gRMCQQCNIgN+R9mRWZhFAcC1sq++YnuSBlw4VwdL/fd1Yg9e\n"
133 "Ul+U98yPl/NXt8Rs4TRBFcOZjkFI8xv0hQtevTgTmgz+\n"
134 "-----END RSA PRIVATE KEY-----\n\n";
136 "-----BEGIN PUBLIC KEY-----\n"
137 "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChe5/Fzk9SA0vCKBOcu9jBcLb9\n"
138 "oLv50PeuEfQojhakY+OH8A3QM8A0qIDG6uhTNGPvzCWb/+mKeOB48n5HJpLxlDFy\n"
139 "P3kyd2yXHIZ/MN8g1nh4FsB0iTkk8QUCJkkan6FCOBrIeLEsGA5AdodzuR+khnCM\n"
140 "t8vO+NFHZYKAQeynyQIDAQAB\n"
141 "-----END PUBLIC KEY-----\n\n";
143 "-----BEGIN PUBLIC KEY-----\n"
144 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDncG2tSokRBhK8la1mO\n"
145 "QnUpxg6KvpoFUjEyRiIE1GRap5V6jCCEOmA9ZAz4Oa/97oxewwMWtchIxSBZVCia\n"
146 "H9oGasbOFzrtSR+MKl6Cb/Ow3Fu+PKbHTsnfTk/nOOWyaQh91PRD7fdwHe8L9P7w\n"
147 "2kFPmDW6+RNKIR4OErhXf1O0eSShPe0TO3vx43O7dWqhmh3Kgr4Jq7zAGqHtwu0B\n"
148 "RFZnmsocOnVZb2yAHndp51/Mk1H37ThHwN7qMx7RqrS3ru3XtchpJd9IQJPBIRfY\n"
149 "VYQ68u5ix/Z80Y6VkRf0qnAvel8B6D3N3Zyq5u7G60PfvvtCybeMn7nVrSMxqMW/\n"
151 "-----END PUBLIC KEY-----\n\n";
153 printf ("%s", pkcs1);
154 printf ("%s", pubkey);
155 priv = pem_read_buf(pkcs1);
158 src.l = strlen(text);
161 sig = eay_get_x509sign(&src, priv);
163 printf("sign failed. %s\n", eay_strerror());
167 printf("RSA signed data.\n");
170 printf("Verification with correct pubkey: ");
171 if (rsa_verify_with_pubkey (&src, sig, pubkey) != 0) {
172 printf ("Failed.\n");
176 printf ("Verified. Good.\n");
178 loglevel_saved = loglevel;
180 printf("Verification with wrong pubkey: ");
181 if (rsa_verify_with_pubkey (&src, sig, pubkey_wrong) != 0)
182 printf ("Not verified. Good.\n");
184 printf ("Verified. This is bad...\n");
185 loglevel = loglevel_saved;
188 loglevel = loglevel_saved;
198 char *nm = NULL, *header = NULL;
199 unsigned char *data = NULL;
204 bio = BIO_new_mem_buf(buf, strlen(buf));
205 error = PEM_read_bio(bio, &nm, &header, &data, &len);
207 errx(1, "%s", eay_strerror());
211 memcpy(ret->v, data, len);
216 #ifndef CERTTEST_BROKEN
227 printf("\n**Test for Certificate.**\n");
230 vchar_t *asn1dn = NULL, asn1dn0;
232 char dnstr[] = "C=JP, ST=Kanagawa, L=Fujisawa, O=WIDE Project, OU=KAME Project, CN=Shoichi Sakane/Email=sakane@kame.net";
236 0x30,0x81,0x9a,0x31,0x0b,0x30,0x09,0x06,
237 0x03,0x55,0x04,0x06,0x13,0x02,0x4a,0x50,
238 0x31,0x11,0x30,0x0f,0x06,0x03,0x55,0x04,
239 0x08,0x13,0x08,0x4b,0x61,0x6e,0x61,0x67,
240 0x61,0x77,0x61,0x31,0x11,0x30,0x0f,0x06,
241 0x03,0x55,0x04,0x07,0x13,0x08,0x46,0x75,
242 0x6a,0x69,0x73,0x61,0x77,0x61,0x31,0x15,
243 0x30,0x13,0x06,0x03,0x55,0x04,0x0a,0x13,
244 0x0c,0x57,0x49,0x44,0x45,0x20,0x50,0x72,
245 0x6f,0x6a,0x65,0x63,0x74,0x31,0x15,0x30,
246 0x13,0x06,0x03,0x55,0x04,0x0b,0x13,0x0c,
247 0x4b,0x41,0x4d,0x45,0x20,0x50,0x72,0x6f,
248 0x6a,0x65,0x63,0x74,0x31,0x17,0x30,0x15,
249 0x06,0x03,0x55,0x04,0x03,0x13,0x0e,0x53,
250 0x68,0x6f,0x69,0x63,0x68,0x69,0x20,0x53,
251 0x61,0x6b,0x61,0x6e,0x65,0x31,0x1e,0x30,
252 0x1c,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
256 0x6b,0x61,0x6e,0x65,0x40,0x6b,0x61,0x6d,
257 0x65,0x2e,0x6e,0x65,0x74,
259 #else /* not ORIG_DN */
260 char dnstr[] = "C=JP, ST=Kanagawa, L=Fujisawa, O=WIDE Project, OU=KAME Project, CN=Shoichi Sakane";
261 char dnstr_w1[] = "C=JP, ST=Kanagawa, L=Fujisawa, O=WIDE Project, OU=*, CN=Shoichi Sakane";
262 char dnstr_w2[] = "C=JP, ST=Kanagawa, L=Fujisawa, O=WIDE Project, OU=KAME Project, CN=*";
264 0x30,0x7a,0x31,0x0b,0x30,0x09,0x06,0x03,
265 0x55,0x04,0x06,0x13,0x02,0x4a,0x50,0x31,
266 0x11,0x30,0x0f,0x06,0x03,0x55,0x04,0x08,
267 0x13,0x08,0x4b,0x61,0x6e,0x61,0x67,0x61,
268 0x77,0x61,0x31,0x11,0x30,0x0f,0x06,0x03,
269 0x55,0x04,0x07,0x13,0x08,0x46,0x75,0x6a,
270 0x69,0x73,0x61,0x77,0x61,0x31,0x15,0x30,
271 0x13,0x06,0x03,0x55,0x04,0x0a,0x13,0x0c,
272 0x57,0x49,0x44,0x45,0x20,0x50,0x72,0x6f,
273 0x6a,0x65,0x63,0x74,0x31,0x15,0x30,0x13,
274 0x06,0x03,0x55,0x04,0x0b,0x13,0x0c,0x4b,
275 0x41,0x4d,0x45,0x20,0x50,0x72,0x6f,0x6a,
276 0x65,0x63,0x74,0x31,0x17,0x30,0x15,0x06,
277 0x03,0x55,0x04,0x03,0x13,0x0e,0x53,0x68,
278 0x6f,0x69,0x63,0x68,0x69,0x20,0x53,0x61,
283 printf("check to convert the string into subjectName.\n");
284 printf("%s\n", dnstr);
287 asn1dn0.l = sizeof(dn0);
289 asn1dn = eay_str2asn1dn(dnstr, strlen(dnstr));
290 if (asn1dn == NULL || asn1dn->l != asn1dn0.l)
291 #ifdef OUTPUT_VALID_ASN1DN
293 unsigned char *cp; int i;
294 printf("asn1dn length mismatched (%zu != %zu).\n", asn1dn ? asn1dn->l : -1, asn1dn0.l);
295 for (cp = asn1dn->v, i = 0; i < asn1dn->l; i++)
296 printf ("0x%02x,", *cp++);
300 errx(1, "asn1dn length mismatched (%zu != %zu).\n", asn1dn ? asn1dn->l : -1, asn1dn0.l);
304 * NOTE: The value pointed by "<==" above is different from the
305 * return of eay_str2asn1dn(). but eay_cmp_asn1dn() can distinguish
306 * both of the names are same name.
308 if (eay_cmp_asn1dn(&asn1dn0, asn1dn))
309 errx(1, "asn1dn mismatched.\n");
312 printf("exact match: succeed.\n");
315 asn1dn = eay_str2asn1dn(dnstr_w1, strlen(dnstr_w1));
316 if (asn1dn == NULL || asn1dn->l == asn1dn0.l)
317 errx(1, "asn1dn length wrong for wildcard 1\n");
318 if (eay_cmp_asn1dn(&asn1dn0, asn1dn))
319 errx(1, "asn1dn mismatched for wildcard 1.\n");
321 printf("wildcard 1 match: succeed.\n");
325 asn1dn = eay_str2asn1dn(dnstr_w2, strlen(dnstr_w2));
326 if (asn1dn == NULL || asn1dn->l == asn1dn0.l)
327 errx(1, "asn1dn length wrong for wildcard 2\n");
328 if (eay_cmp_asn1dn(&asn1dn0, asn1dn))
329 errx(1, "asn1dn mismatched for wildcard 2.\n");
331 printf("wildcard 2 match: succeed.\n");
339 certpath = *(av + 1);
340 certs = getcerts(certpath);
343 printf("\nCAUTION: These certificates are probably invalid "
344 "on your environment because you don't have their "
345 "issuer's certs in your environment.\n\n");
347 certpath = "/usr/local/openssl/certs";
348 certs = getcerts(NULL);
350 printf("\nWARNING: The main certificates are probably invalid "
351 "on your environment\nbecause you don't have their "
352 "issuer's certs in your environment\nso not doing "
358 while (*certs != NULL) {
364 printf("===CERT===\n");
367 c.l = strlen(*certs);
370 str = eay_get_x509text(&c);
374 /* print ASN.1 of subject name */
375 vstr = eay_get_x509asn1subjectname(&c);
382 /* print subject alt name */
385 for (pos = 1; ; pos++) {
386 error = eay_get_x509subjectaltname(&c, &str, &type, pos);
388 printf("no subjectaltname found.\n");
393 printf("SubjectAltName: %d: %s\n", type, str);
398 /* NULL => name of the certificate file */
399 error = eay_check_x509cert(&c, certpath, NULL, 1);
401 printf("ERROR: cert is invalid.\n");
413 char **certs = NULL, **p;
422 static char *samplecerts[] = {
424 "-----BEGIN CERTIFICATE-----\n"
425 "MIICpTCCAg4CAQAwDQYJKoZIhvcNAQEEBQAwgZoxCzAJBgNVBAYTAkpQMREwDwYD\n"
426 "VQQIEwhLYW5hZ2F3YTERMA8GA1UEBxMIRnVqaXNhd2ExFTATBgNVBAoTDFdJREUg\n"
427 "UHJvamVjdDEVMBMGA1UECxMMS0FNRSBQcm9qZWN0MRcwFQYDVQQDEw5TaG9pY2hp\n"
428 "IFNha2FuZTEeMBwGCSqGSIb3DQEJARYPc2FrYW5lQGthbWUubmV0MB4XDTAwMDgy\n"
429 "NDAxMzc0NFoXDTAwMDkyMzAxMzc0NFowgZoxCzAJBgNVBAYTAkpQMREwDwYDVQQI\n"
430 "EwhLYW5hZ2F3YTERMA8GA1UEBxMIRnVqaXNhd2ExFTATBgNVBAoTDFdJREUgUHJv\n"
431 "amVjdDEVMBMGA1UECxMMS0FNRSBQcm9qZWN0MRcwFQYDVQQDEw5TaG9pY2hpIFNh\n"
432 "a2FuZTEeMBwGCSqGSIb3DQEJARYPc2FrYW5lQGthbWUubmV0MIGfMA0GCSqGSIb3\n"
433 "DQEBAQUAA4GNADCBiQKBgQCpIQG/H3zn4czAmPBcbkDrYxE1A9vcpghpib3Of0Op\n"
434 "SsiWIBOyIMiVAzK/I/JotWp3Vdn5fzGp/7DGAbWXAALas2xHkNmTMPpu6qhmNQ57\n"
435 "kJHZHal24mgc1hwbrI9fb5olvIexx9a1riNPnKMRVHzXYizsyMbf+lJJmZ8QFhWN\n"
436 "twIDAQABMA0GCSqGSIb3DQEBBAUAA4GBACKs6X/BYycuHI3iop403R3XWMHHnNBN\n"
437 "5XTHVWiWgR1cMWkq/dp51gn+nPftpdAaYGpqGkiHGhZcXLoBaX9uON3p+7av+sQN\n"
438 "plXwnvUf2Zsgu+fojskS0gKcDlYiq1O8TOaBgJouFZgr1q6PiYjVEJGogAP28+HN\n"
440 "-----END CERTIFICATE-----\n\n",
441 /* signed by SSH testing CA + CA1 + CA2 */
442 "-----BEGIN X509 CERTIFICATE-----\n"
443 "MIICtTCCAj+gAwIBAgIEOaR8NjANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJG\n"
444 "STEkMCIGA1UEChMbU1NIIENvbW11bmljYXRpb25zIFNlY3VyaXR5MREwDwYDVQQL\n"
445 "EwhXZWIgdGVzdDEbMBkGA1UEAxMSVGVzdCBDQSAxIHN1YiBjYSAyMB4XDTAwMDgy\n"
446 "NDAwMDAwMFoXDTAwMTAwMTAwMDAwMFowgZoxCzAJBgNVBAYTAkpQMREwDwYDVQQI\n"
447 "EwhLYW5hZ2F3YTERMA8GA1UEBxMIRnVqaXNhd2ExFTATBgNVBAoTDFdJREUgUHJv\n"
448 "amVjdDEVMBMGA1UECxMMS0FNRSBQcm9qZWN0MRcwFQYDVQQDEw5TaG9pY2hpIFNh\n"
449 "a2FuZTEeMBwGCSqGSIb3DQEJAQwPc2FrYW5lQGthbWUubmV0MIGfMA0GCSqGSIb3\n"
450 "DQEBAQUAA4GNADCBiQKBgQCpIQG/H3zn4czAmPBcbkDrYxE1A9vcpghpib3Of0Op\n"
451 "SsiWIBOyIMiVAzK/I/JotWp3Vdn5fzGp/7DGAbWXAALas2xHkNmTMPpu6qhmNQ57\n"
452 "kJHZHal24mgc1hwbrI9fb5olvIexx9a1riNPnKMRVHzXYizsyMbf+lJJmZ8QFhWN\n"
453 "twIDAQABo18wXTALBgNVHQ8EBAMCBaAwGgYDVR0RBBMwEYEPc2FrYW5lQGthbWUu\n"
454 "bmV0MDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9sZGFwLnNzaC5maS9jcmxzL2Nh\n"
455 "MS0yLmNybDANBgkqhkiG9w0BAQUFAANhADtaqual41OWshF/rwCTuR6zySBJysGp\n"
456 "+qjkp5efCiYKhAu1L4WXlMsV/SNdzspui5tHasPBvUw8gzFsU/VW/B2zuQZkimf1\n"
457 "u6ZPjUb/vt8vLOPScP5MeH7xrTk9iigsqQ==\n"
458 "-----END X509 CERTIFICATE-----\n\n",
460 "-----BEGIN CERTIFICATE-----\n"
461 "MIICXzCCAcigAwIBAgIEOXGBIzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJG\n"
462 "STEkMCIGA1UEChMbU1NIIENvbW11bmljYXRpb25zIFNlY3VyaXR5MREwDwYDVQQL\n"
463 "EwhXZWIgdGVzdDESMBAGA1UEAxMJVGVzdCBDQSAxMB4XDTAwMDcxNjAwMDAwMFoX\n"
464 "DTAwMDkwMTAwMDAwMFowNTELMAkGA1UEBhMCanAxETAPBgNVBAoTCHRhaGl0ZXN0\n"
465 "MRMwEQYDVQQDEwpmdXJ1a2F3YS0xMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKB\n"
466 "gQDUmI2RaAuoLvtRDbASwRhbkj/Oq0BBIKgAqbFknc/EanJSQwZQu82gD88nf7gG\n"
467 "VEioWmKPLDuEjz5JCuM+k5f7HYHI1wWmz1KFr7UA+avZm4Kp6YKnhuH7soZp7kBL\n"
468 "hTiZEpL0jdmCWLW3ZXoro55rmPrBsCd+bt8VU6tRZm5dUwIBKaNZMFcwCwYDVR0P\n"
469 "BAQDAgWgMBYGA1UdEQQPMA2CBVZQMTAwhwQKFIaFMDAGA1UdHwQpMCcwJaAjoCGG\n"
470 "H2h0dHA6Ly9sZGFwLnNzaC5maS9jcmxzL2NhMS5jcmwwDQYJKoZIhvcNAQEFBQAD\n"
471 "gYEAKJ/2Co/KYW65mwpGG3CBvsoRL8xyUMHGt6gQpFLHiiHuAdix1ADTL6uoFuYi\n"
472 "4sE5omQm1wKVv2ZhS03zDtUfKoVEv0HZ7IY3AU/FZT/M5gQvbt43Dki/ma3ock2I\n"
473 "PPhbLsvXm+GCVh3jvkYGk1zr7VERVeTPtmT+hW63lcxfFp4=\n"
474 "-----END CERTIFICATE-----\n\n",
476 "-----BEGIN CERTIFICATE-----\n"
477 "MIIEFTCCA7+gAwIBAgIKYU5X6AAAAAAACTANBgkqhkiG9w0BAQUFADCBljEpMCcG\n"
478 "CSqGSIb3DQEJARYaeS13YXRhbmFAc2RsLmhpdGFjaGkuY28uanAxCzAJBgNVBAYT\n"
479 "AkpQMREwDwYDVQQIEwhLQU5BR0FXQTERMA8GA1UEBxMIWW9rb2hhbWExEDAOBgNV\n"
480 "BAoTB0hJVEFDSEkxDDAKBgNVBAsTA1NETDEWMBQGA1UEAxMNSVBzZWMgVGVzdCBD\n"
481 "QTAeFw0wMDA3MTUwMjUxNDdaFw0wMTA3MTUwMzAxNDdaMEUxCzAJBgNVBAYTAkpQ\n"
482 "MREwDwYDVQQIEwhLQU5BR0FXQTEQMA4GA1UEChMHSElUQUNISTERMA8GA1UEAxMI\n"
483 "V0FUQU5BQkUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA6Wja5A7Ldzrtx+rMWHEB\n"
484 "Cyt+/ZoG0qdFQbuuUiU1vOSq+1f+ZSCYAdTq13Lrr6Xfz3jDVFEZLPID9PSTFwq+\n"
485 "yQIDAQABo4ICPTCCAjkwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUF\n"
486 "CAICMB0GA1UdDgQWBBTkv7/MH5Ra+S1zBAmnUIH5w8ZTUTCB0gYDVR0jBIHKMIHH\n"
487 "gBQsF2qoaTl5F3GFLKrttaxPJ8j4faGBnKSBmTCBljEpMCcGCSqGSIb3DQEJARYa\n"
488 "eS13YXRhbmFAc2RsLmhpdGFjaGkuY28uanAxCzAJBgNVBAYTAkpQMREwDwYDVQQI\n"
489 "EwhLQU5BR0FXQTERMA8GA1UEBxMIWW9rb2hhbWExEDAOBgNVBAoTB0hJVEFDSEkx\n"
490 "DDAKBgNVBAsTA1NETDEWMBQGA1UEAxMNSVBzZWMgVGVzdCBDQYIQeccIf4GYDIBA\n"
491 "rS6HSUt8XjB7BgNVHR8EdDByMDagNKAyhjBodHRwOi8vZmxvcmEyMjAvQ2VydEVu\n"
492 "cm9sbC9JUHNlYyUyMFRlc3QlMjBDQS5jcmwwOKA2oDSGMmZpbGU6Ly9cXGZsb3Jh\n"
493 "MjIwXENlcnRFbnJvbGxcSVBzZWMlMjBUZXN0JTIwQ0EuY3JsMIGgBggrBgEFBQcB\n"
494 "AQSBkzCBkDBFBggrBgEFBQcwAoY5aHR0cDovL2Zsb3JhMjIwL0NlcnRFbnJvbGwv\n"
495 "ZmxvcmEyMjBfSVBzZWMlMjBUZXN0JTIwQ0EuY3J0MEcGCCsGAQUFBzAChjtmaWxl\n"
496 "Oi8vXFxmbG9yYTIyMFxDZXJ0RW5yb2xsXGZsb3JhMjIwX0lQc2VjJTIwVGVzdCUy\n"
497 "MENBLmNydDANBgkqhkiG9w0BAQUFAANBAG8yZAWHb6g3zba453Hw5loojVDZO6fD\n"
498 "9lCsyaxeo9/+7x1JEEcdZ6qL7KKqe7ZBwza+hIN0ITkp2WEWo22gTz4=\n"
499 "-----END CERTIFICATE-----\n\n",
501 "-----BEGIN CERTIFICATE-----\n"
502 "MIIDXTCCAsagAwIBAgIEOb6khTANBgkqhkiG9w0BAQUFADA4MQswCQYDVQQGEwJV\n"
503 "UzEQMA4GA1UEChMHRW50cnVzdDEXMBUGA1UECxMOVlBOIEludGVyb3AgUk8wHhcN\n"
504 "MDAwOTE4MjMwMDM3WhcNMDMwOTE4MjMzMDM3WjBTMQswCQYDVQQGEwJVUzEQMA4G\n"
505 "A1UEChMHRW50cnVzdDEXMBUGA1UECxMOVlBOIEludGVyb3AgUk8xGTAXBgNVBAMT\n"
506 "EFNob2ljaGkgU2FrYW5lIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKj3\n"
507 "eXSt1qXxFXzpa265B/NQYk5BZN7pNJg0tlTKBTVV3UgpQ92Bx5DoNfZh11oIv0Sw\n"
508 "6YnG5p9F9ma36U9HDoD3hVTjAvQKy4ssCsnU1y6v5XOU1QvYQo6UTzgsXUTaIau4\n"
509 "Lrccl+nyoiNzy3lG51tLR8CxuA+3OOAK9xPjszClAgMBAAGjggFXMIIBUzBABgNV\n"
510 "HREEOTA3gQ9zYWthbmVAa2FtZS5uZXSHBM6vIHWCHjIwNi0xNzUtMzItMTE3LnZw\n"
511 "bndvcmtzaG9wLmNvbTATBgNVHSUEDDAKBggrBgEFBQgCAjALBgNVHQ8EBAMCAKAw\n"
512 "KwYDVR0QBCQwIoAPMjAwMDA5MTgyMzAwMzdagQ8yMDAyMTAyNTExMzAzN1owWgYD\n"
513 "VR0fBFMwUTBPoE2gS6RJMEcxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFbnRydXN0\n"
514 "MRcwFQYDVQQLEw5WUE4gSW50ZXJvcCBSTzENMAsGA1UEAxMEQ1JMMTAfBgNVHSME\n"
515 "GDAWgBTzVmhu0tBoWKwkZE5mXpooE9630DAdBgNVHQ4EFgQUEgBHPtXggJqei5Xz\n"
516 "92CrWXTJxfAwCQYDVR0TBAIwADAZBgkqhkiG9n0HQQAEDDAKGwRWNS4wAwIEsDAN\n"
517 "BgkqhkiG9w0BAQUFAAOBgQCIFriNGMUE8GH5LuDrTJfA8uGx8vLy2seljuo694TR\n"
518 "et/ojp9QnfOJ1PF9iAdGaEaSLfkwhY4fZNZzxic5HBoHLeo9BXLP7i7FByXjvOZC\n"
519 "Y8++0dC8NVvendIILcJBM5nbDq1TqIbb8K3SP80XhO5JLVJkoZiQftAMjo0peZPO\n"
521 "-----END CERTIFICATE-----\n\n",
526 return (char **)&samplecerts;
529 if (!(sb.st_mode & S_IFDIR)) {
530 printf("ERROR: %s is not directory.\n", path);
534 dirp = opendir(path);
536 printf("opendir failed.\n");
541 while ((dp = readdir(dirp)) != NULL) {
542 if (dp->d_type != DT_REG)
544 if (strcmp(dp->d_name + strlen(dp->d_name) - 4, "cert"))
546 snprintf(buf, sizeof(buf), "%s/%s", path, dp->d_name);
549 p = (char **)realloc(certs, (n + 1) * sizeof(certs));
554 certs[n] = malloc(sb.st_size + 1);
555 if (certs[n] == NULL)
558 fd = open(buf, O_RDONLY);
561 len = read(fd, certs[n], sb.st_size);
564 if (len != sb.st_size)
565 errx(1, "read: length mismatch");
566 certs[n][sb.st_size] = '\0';
569 printf("%s: %d\n", dp->d_name, (int)sb.st_size);
574 p = (char **)realloc(certs, (n + 1) * sizeof(certs));
582 #endif /* CERTTEST_BROKEN */
584 typedef vchar_t* (eay_func) (vchar_t *, vchar_t *, vchar_t *);
587 ciphertest_1 (const char *name,
598 vchar_t *buf, *iv, *res1, *res2;
599 iv = vmalloc(iv_length);
601 printf("Test for cipher %s\n", name);
605 if (data_align <= 1 || (data->l % data_align) == 0)
608 padlen = data_align - data->l % data_align;
610 buf = vmalloc(data->l + padlen);
611 memcpy(buf->v, data->v, data->l);
613 memcpy(iv->v, iv0->v, iv_length);
614 res1 = (encrypt)(buf, key, iv);
616 printf("%s encryption failed.\n", name);
619 printf("encrypted:\n");
622 memcpy(iv->v, iv0->v, iv_length);
623 res2 = (decrypt)(res1, key, iv);
625 printf("%s decryption failed.\n", name);
628 printf("decrypted:\n");
631 if (memcmp(data->v, res2->v, data->l)) {
632 printf("XXXX NG (%s) XXXX\n", name);
636 printf("%s cipher verified.\n", name);
654 printf("\n**Testing CIPHERS**\n");
657 06000017 03000000 73616b61 6e65406b 616d652e 6e657409 0002c104 308202b8 \
660 key.v = str2val("f59bd70f 81b9b9cc 2a32c7fd 229a4b37", 16, &key.l);
661 iv0.v = str2val("26b68c90 9467b4ab 7ec29fa0 0b696b55", 16, &iv0.l);
663 if (ciphertest_1 ("DES",
667 eay_des_encrypt, eay_des_decrypt) < 0)
670 if (ciphertest_1 ("3DES",
674 eay_3des_encrypt, eay_3des_decrypt) < 0)
677 if (ciphertest_1 ("AES",
681 eay_aes_encrypt, eay_aes_decrypt) < 0)
684 if (ciphertest_1 ("BLOWFISH",
688 eay_bf_encrypt, eay_bf_decrypt) < 0)
691 if (ciphertest_1 ("CAST",
695 eay_cast_encrypt, eay_cast_decrypt) < 0)
698 #ifdef HAVE_OPENSSL_IDEA_H
699 if (ciphertest_1 ("IDEA",
703 eay_idea_encrypt, eay_idea_decrypt) < 0)
707 #ifdef HAVE_OPENSSL_RC5_H
708 if (ciphertest_1 ("RC5",
712 eay_rc5_encrypt, eay_rc5_decrypt) < 0)
723 char *keyword = "hehehe test secret!";
724 char *object = "d7e6a6c1876ef0488bb74958b9fee94e";
725 char *object1 = "d7e6a6c1876ef048";
726 char *object2 = "8bb74958b9fee94e";
727 char *r_hmd5 = "5702d7d1 fd1bfc7e 210fc9fa cda7d02c";
728 char *r_hsha1 = "309999aa 9779a43e ebdea839 1b4e7ee1 d8646874";
730 char *r_hsha2 = "d47262d8 a5b6f39d d8686939 411b3e79 ed2e27f9 2c4ea89f dd0a06ae 0c0aa396";
732 vchar_t *key, *data, *data1, *data2, *res;
736 printf("\n**Test for HMAC MD5 & SHA1.**\n");
738 key = vmalloc(strlen(keyword));
739 memcpy(key->v, keyword, key->l);
741 data = vmalloc(strlen(object));
742 data1 = vmalloc(strlen(object1));
743 data2 = vmalloc(strlen(object2));
744 memcpy(data->v, object, data->l);
745 memcpy(data1->v, object1, data1->l);
746 memcpy(data2->v, object2, data2->l);
749 printf("HMAC MD5 by eay_hmacmd5_one()\n");
750 res = eay_hmacmd5_one(key, data);
752 mod.v = str2val(r_hmd5, 16, &mod.l);
753 if (memcmp(res->v, mod.v, mod.l)) {
754 printf(" XXX NG XXX\n");
761 printf("HMAC MD5 by eay_hmacmd5_xxx()\n");
762 ctx = eay_hmacmd5_init(key);
763 eay_hmacmd5_update(ctx, data1);
764 eay_hmacmd5_update(ctx, data2);
765 res = eay_hmacmd5_final(ctx);
767 mod.v = str2val(r_hmd5, 16, &mod.l);
768 if (memcmp(res->v, mod.v, mod.l)) {
769 printf(" XXX NG XXX\n");
777 printf("HMAC SHA2 by eay_hmacsha2_256_one()\n");
778 res = eay_hmacsha2_256_one(key, data);
780 mod.v = str2val(r_hsha2, 16, &mod.l);
781 if (memcmp(res->v, mod.v, mod.l)) {
782 printf(" XXX NG XXX\n");
790 printf("HMAC SHA1 by eay_hmacsha1_one()\n");
791 res = eay_hmacsha1_one(key, data);
793 mod.v = str2val(r_hsha1, 16, &mod.l);
794 if (memcmp(res->v, mod.v, mod.l)) {
795 printf(" XXX NG XXX\n");
802 printf("HMAC SHA1 by eay_hmacsha1_xxx()\n");
803 ctx = eay_hmacsha1_init(key);
804 eay_hmacsha1_update(ctx, data1);
805 eay_hmacsha1_update(ctx, data2);
806 res = eay_hmacsha1_final(ctx);
808 mod.v = str2val(r_hsha1, 16, &mod.l);
809 if (memcmp(res->v, mod.v, mod.l)) {
810 printf(" XXX NG XXX\n");
829 char *word1 = "1234567890", *word2 = "12345678901234567890";
833 printf("\n**Test for SHA1.**\n");
835 ctx = eay_sha1_init();
836 buf = vmalloc(strlen(word1));
837 memcpy(buf->v, word1, buf->l);
838 eay_sha1_update(ctx, buf);
839 eay_sha1_update(ctx, buf);
840 res = eay_sha1_final(ctx);
845 ctx = eay_sha1_init();
846 buf = vmalloc(strlen(word2));
847 memcpy(buf->v, word2, buf->l);
848 eay_sha1_update(ctx, buf);
849 res = eay_sha1_final(ctx);
853 res = eay_sha1_one(buf);
866 char *word1 = "1234567890", *word2 = "12345678901234567890";
870 printf("\n**Test for MD5.**\n");
872 ctx = eay_md5_init();
873 buf = vmalloc(strlen(word1));
874 memcpy(buf->v, word1, buf->l);
875 eay_md5_update(ctx, buf);
876 eay_md5_update(ctx, buf);
877 res = eay_md5_final(ctx);
882 ctx = eay_md5_init();
883 buf = vmalloc(strlen(word2));
884 memcpy(buf->v, word2, buf->l);
885 eay_md5_update(ctx, buf);
886 res = eay_md5_final(ctx);
890 res = eay_md5_one(buf);
907 { "modp768", OAKLEY_PRIME_MODP768, },
908 { "modp1024", OAKLEY_PRIME_MODP1024, },
909 { "modp1536", OAKLEY_PRIME_MODP1536, },
910 { "modp2048", OAKLEY_PRIME_MODP2048, },
911 { "modp3072", OAKLEY_PRIME_MODP3072, },
912 { "modp4096", OAKLEY_PRIME_MODP4096, },
913 { "modp6144", OAKLEY_PRIME_MODP6144, },
914 { "modp8192", OAKLEY_PRIME_MODP8192, },
916 vchar_t p1, *pub1, *priv1, *gxy1;
917 vchar_t p2, *pub2, *priv2, *gxy2;
920 printf("\n**Test for DH.**\n");
922 for (i = 0; i < sizeof(px)/sizeof(px[0]); i++) {
923 printf("\n**Test for DH %s.**\n", px[i].name);
925 p1.v = str2val(px[i].p, 16, &p1.l);
926 p2.v = str2val(px[i].p, 16, &p2.l);
927 printf("prime number = \n"); PVDUMP(&p1);
929 if (eay_dh_generate(&p1, 2, 96, &pub1, &priv1) < 0) {
933 printf("private key for user 1 = \n"); PVDUMP(priv1);
934 printf("public key for user 1 = \n"); PVDUMP(pub1);
936 if (eay_dh_generate(&p2, 2, 96, &pub2, &priv2) < 0) {
940 printf("private key for user 2 = \n"); PVDUMP(priv2);
941 printf("public key for user 2 = \n"); PVDUMP(pub2);
943 /* process to generate key for user 1 */
944 gxy1 = vmalloc(p1.l);
945 memset(gxy1->v, 0, gxy1->l);
946 eay_dh_compute(&p1, 2, pub1, priv1, pub2, &gxy1);
947 printf("sharing gxy1 of user 1 = \n"); PVDUMP(gxy1);
949 /* process to generate key for user 2 */
950 gxy2 = vmalloc(p1.l);
951 memset(gxy2->v, 0, gxy2->l);
952 eay_dh_compute(&p2, 2, pub2, priv2, pub1, &gxy2);
953 printf("sharing gxy2 of user 2 = \n"); PVDUMP(gxy2);
955 if (memcmp(gxy1->v, gxy2->v, gxy1->l)) {
956 printf("ERROR: sharing gxy mismatched.\n");
978 printf("\n**Test for generate a random number.**\n");
980 rn = eay_set_random((u_int32_t)96);
989 int (*func) __P((int, char **));
991 { "random", bntest, },
994 { "sha1", sha1test, },
995 { "hmac", hmactest, },
996 { "cipher", ciphertest, },
997 #ifndef CERTTEST_BROKEN
998 { "cert", certtest, },
1000 { "rsa", rsatest, },
1009 int len = sizeof(func)/sizeof(func[0]);
1014 printf ("\nTestsuite of the %s\nlinked with %s\n\n", TOP_PACKAGE_STRING, eay_version());
1016 if (strcmp(*av, "-h") == 0)
1022 for (i = 0; i < len; i++) {
1023 if ((ac == 0) || (strcmp(*av, func[i].name) == 0)) {
1024 if ((func[i].func)(ac, av) != 0) {
1025 printf ("\n!!!!! Test '%s' failed. !!!!!\n\n", func[i].name);
1035 printf ("\n===== All tests passed =====\n\n");
1043 int len = sizeof(func)/sizeof(func[0]);
1045 printf("Usage: eaytest [");
1046 for (i = 0; i < len; i++)
1047 printf("%s%s", func[i].name, (i<len-1)?"|":"");
1049 #ifndef CERTTEST_BROKEN
1050 printf(" eaytest cert [cert_directory]\n");