int test_octet_consistency() { int i,j,len=100; int len64 = ((len/3) + 2)*4+1, lenHex = 28*len; char raw[256], bytes[len+1], bytes64[len64+1], bytesHex[lenHex+1], v[len], w[len]; octet V= {0,sizeof(v),v}, W= {0,sizeof(w),w}; csprng rng; /* Fake random source */ RAND_clean(&rng); for (i=0; i<256; i++) raw[i]=(char)i; RAND_seed(&rng,256,raw); /* test comparison */ for (len = 1; len <= 101; len=len+10) { OCT_rand(&W,&rng,len); OCT_copy(&V,&W); if(!OCT_comp(&V,&W)) { printf("ERROR comparing two equal octet, OCTET\n"); exit(EXIT_FAILURE); } for (i = 0; i < len; ++i) { if(!OCT_ncomp(&V,&W,i)) { printf("ERROR comparing two equal octet, OCTET\n"); exit(EXIT_FAILURE); } } OCT_rand(&V,&rng,len); if(OCT_comp(&V,&W)) { printf("ERROR comparing two different octet, OCTET\n"); exit(EXIT_FAILURE); } } OCT_rand(&W,&rng,0); OCT_copy(&V,&W); if(!OCT_comp(&V,&W)) { printf("ERROR comparing two equal octet, OCTET\n"); exit(EXIT_FAILURE); } for (len = 100; len > 0; len=len-10) { W.max = len; V.max = len; /* test conversion to and from base64 */ for (j = 0; j < 10; ++j) { OCT_rand(&W,&rng,len); OCT_copy(&V,&W); OCT_tobase64(bytes64,&W); OCT_frombase64(&W,bytes64); if(!OCT_comp(&V,&W)) { printf("ERROR converting to and from base64 OCTET\n"); exit(EXIT_FAILURE); } } /* test conversion to and from hex */ for (i = 0; i < 10; ++i) { OCT_rand(&W,&rng,len); OCT_copy(&V,&W); OCT_toHex(&W,bytesHex); OCT_fromHex(&W,bytesHex); if(!OCT_comp(&V,&W)) { printf("ERROR converting to and from Hex OCTET\n"); exit(EXIT_FAILURE); } } /* test conversion to and from string */ for (i = 0; i < 10; ++i) { OCT_rand(&W,&rng,len); OCT_copy(&V,&W); OCT_toStr(&W,bytes); OCT_jstring(&W,bytes); if(!OCT_comp(&V,&W)) { printf("ERROR converting to and from string, OCTET\n"); exit(EXIT_FAILURE); } } } printf("SUCCESS\n"); return 0; }
int main() { int res,len,sha; int c,ic; rsa_public_key_2048 PK; pktype st,ca,pt; printf("First check signature on self-signed cert and extract CA public key\n"); OCT_frombase64(&IO,ca_b64); printf("CA Self-Signed Cert= \n"); OCT_output(&IO); printf("\n"); st=X509_extract_cert_sig(&IO,&SIG); // returns signature type if (st.type==0) { printf("Unable to extract cert signature\n"); return 0; } if (st.type==ECC) { OCT_chop(&SIG,&S,SIG.len/2); OCT_copy(&R,&SIG); printf("ECC SIG= \n"); OCT_output(&R); OCT_output(&S); printf("\n"); } if (st.type==RSA) { printf("RSA SIG= \n"); OCT_output(&SIG); printf("\n"); } if (st.hash==H256) printf("Hashed with SHA256\n"); if (st.hash==H384) printf("Hashed with SHA384\n"); if (st.hash==H512) printf("Hashed with SHA512\n"); // Extract Cert from signed Cert c=X509_extract_cert(&IO,&H); printf("\nCert= \n"); OCT_output(&H); printf("\n"); // show some details printf("Issuer Details\n"); ic=X509_find_issuer(&H); c=X509_find_entity_property(&H,&ON,ic,&len); print_out("owner=",&H,c,len); c=X509_find_entity_property(&H,&CN,ic,&len); print_out("country=",&H,c,len); c=X509_find_entity_property(&H,&EN,ic,&len); print_out("email=",&H,c,len); printf("\n"); ca=X509_extract_public_key(&H,&CAKEY); if (ca.type==0) { printf("Not supported by library\n"); return 0; } if (ca.type!=st.type) { printf("Not self-signed\n"); } if (ca.type==ECC) { printf("EXTRACTED ECC PUBLIC KEY= \n"); OCT_output(&CAKEY); } if (ca.type==RSA) { printf("EXTRACTED RSA PUBLIC KEY= \n"); OCT_output(&CAKEY); } printf("\n"); // Cert is self-signed - so check signature printf("Checking Self-Signed Signature\n"); if (ca.type==ECC) { if (ca.curve!=CHOICE) { printf("Curve is not supported\n"); return 0; } res=ECP_NIST256_PUBLIC_KEY_VALIDATE(1,&CAKEY); if (res!=0) { printf("ECP Public Key is invalid!\n"); return 0; } else printf("ECP Public Key is Valid\n"); sha=0; if (st.hash==H256) sha=SHA256; if (st.hash==H384) sha=SHA384; if (st.hash==H512) sha=SHA512; if (st.hash==0) { printf("Hash Function not supported\n"); return 0; } if (ECP_NIST256_VP_DSA(sha,&CAKEY,&H,&R,&S)!=0) { printf("***ECDSA Verification Failed\n"); return 0; } else printf("ECDSA Signature/Verification succeeded \n"); } if (ca.type==RSA) { if (ca.curve!=2048) { printf("RSA bit size is not supported\n"); return 0; } PK.e=65537; // assuming this! RSA_2048_fromOctet(PK.n,&CAKEY); sha=0; if (st.hash==H256) sha=SHA256; if (st.hash==H384) sha=SHA384; if (st.hash==H512) sha=SHA512; if (st.hash==0) { printf("Hash Function not supported\n"); return 0; } PKCS15(sha,&H,&HP); RSA_2048_ENCRYPT(&PK,&SIG,&HH); if (OCT_comp(&HP,&HH)) printf("RSA Signature/Verification succeeded \n"); else { printf("***RSA Verification Failed\n"); return 0; } } printf("\nNext check CA signature on cert, and extract public key\n"); OCT_frombase64(&IO,cert_b64); printf("Example Cert= \n"); OCT_output(&IO); printf("\n"); st=X509_extract_cert_sig(&IO,&SIG); if (st.type==0) { printf("Unable to check cert signature\n"); return 0; } if (st.type==ECC) { OCT_chop(&SIG,&S,SIG.len/2); OCT_copy(&R,&SIG); printf("SIG= \n"); OCT_output(&R); OCT_output(&S); printf("\n"); } if (st.type==RSA) { printf("SIG= \n"); OCT_output(&SIG); printf("\n"); } c=X509_extract_cert(&IO,&H); printf("Cert= \n"); OCT_output(&H); printf("\n"); printf("Subject Details\n"); ic=X509_find_subject(&H); c=X509_find_entity_property(&H,&ON,ic,&len); print_out("owner=",&H,c,len); c=X509_find_entity_property(&H,&CN,ic,&len); print_out("country=",&H,c,len); c=X509_find_entity_property(&H,&EN,ic,&len); print_out("email=",&H,c,len); printf("\n"); ic=X509_find_validity(&H); c=X509_find_start_date(&H,ic); print_date("start date= ",&H,c); c=X509_find_expiry_date(&H,ic); print_date("expiry date=",&H,c); printf("\n"); pt=X509_extract_public_key(&H,&CERTKEY); if (pt.type==0) { printf("Not supported by library\n"); return 0; } if (pt.type==ECC) { printf("EXTRACTED ECC PUBLIC KEY= \n"); OCT_output(&CERTKEY); } if (pt.type==RSA) { printf("EXTRACTED RSA PUBLIC KEY= \n"); OCT_output(&CERTKEY); } printf("\n"); /* Check CA signature */ if (ca.type==ECC) { printf("Checking CA's ECC Signature on Cert\n"); res=ECP_NIST256_PUBLIC_KEY_VALIDATE(1,&CAKEY); if (res!=0) printf("ECP Public Key is invalid!\n"); else printf("ECP Public Key is Valid\n"); sha=0; if (st.hash==H256) sha=SHA256; if (st.hash==H384) sha=SHA384; if (st.hash==H512) sha=SHA512; if (st.hash==0) { printf("Hash Function not supported\n"); return 0; } if (ECP_NIST256_VP_DSA(sha,&CAKEY,&H,&R,&S)!=0) printf("***ECDSA Verification Failed\n"); else printf("ECDSA Signature/Verification succeeded \n"); } if (ca.type==RSA) { printf("Checking CA's RSA Signature on Cert\n"); PK.e=65537; // assuming this! RSA_2048_fromOctet(PK.n,&CAKEY); sha=0; if (st.hash==H256) sha=SHA256; if (st.hash==H384) sha=SHA384; if (st.hash==H512) sha=SHA512; if (st.hash==0) { printf("Hash Function not supported\n"); return 0; } PKCS15(sha,&H,&HP); RSA_2048_ENCRYPT(&PK,&SIG,&HH); if (OCT_comp(&HP,&HH)) printf("RSA Signature/Verification succeeded \n"); else printf("***RSA Verification Failed\n"); } return 0; }