int test_octet_consistency()
{
int i,j,len=100;
int len64 = ((len/3) + 2)*4+1, lenHex = 28*len;
char raw[256], bytes[len+1], bytes64[len64+1], bytesHex[lenHex+1], v[len], w[len];
octet V= {0,sizeof(v),v}, W= {0,sizeof(w),w};
csprng rng;
/* Fake random source */
RAND_clean(&rng);
for (i=0; i<256; i++) raw[i]=(char)i;
RAND_seed(&rng,256,raw);
/* test comparison */
for (len = 1; len <= 101; len=len+10)
{
OCT_rand(&W,&rng,len);
OCT_copy(&V,&W);
if(!OCT_comp(&V,&W))
{
printf("ERROR comparing two equal octet, OCTET\n");
exit(EXIT_FAILURE);
}
for (i = 0; i < len; ++i)
{
if(!OCT_ncomp(&V,&W,i))
{
printf("ERROR comparing two equal octet, OCTET\n");
exit(EXIT_FAILURE);
}
}
OCT_rand(&V,&rng,len);
if(OCT_comp(&V,&W))
{
printf("ERROR comparing two different octet, OCTET\n");
exit(EXIT_FAILURE);
}
}
OCT_rand(&W,&rng,0);
OCT_copy(&V,&W);
if(!OCT_comp(&V,&W))
{
printf("ERROR comparing two equal octet, OCTET\n");
exit(EXIT_FAILURE);
}
for (len = 100; len > 0; len=len-10)
{
W.max = len;
V.max = len;
/* test conversion to and from base64 */
for (j = 0; j < 10; ++j)
{
OCT_rand(&W,&rng,len);
OCT_copy(&V,&W);
OCT_tobase64(bytes64,&W);
OCT_frombase64(&W,bytes64);
if(!OCT_comp(&V,&W))
{
printf("ERROR converting to and from base64 OCTET\n");
exit(EXIT_FAILURE);
}
}
/* test conversion to and from hex */
for (i = 0; i < 10; ++i)
{
OCT_rand(&W,&rng,len);
OCT_copy(&V,&W);
OCT_toHex(&W,bytesHex);
OCT_fromHex(&W,bytesHex);
if(!OCT_comp(&V,&W))
{
printf("ERROR converting to and from Hex OCTET\n");
exit(EXIT_FAILURE);
}
}
/* test conversion to and from string */
for (i = 0; i < 10; ++i)
{
OCT_rand(&W,&rng,len);
OCT_copy(&V,&W);
OCT_toStr(&W,bytes);
OCT_jstring(&W,bytes);
if(!OCT_comp(&V,&W))
{
printf("ERROR converting to and from string, OCTET\n");
exit(EXIT_FAILURE);
}
}
}
printf("SUCCESS\n");
return 0;
}
int main()
{
int res,len,sha;
int c,ic;
rsa_public_key_2048 PK;
pktype st,ca,pt;
printf("First check signature on self-signed cert and extract CA public key\n");
OCT_frombase64(&IO,ca_b64);
printf("CA Self-Signed Cert= \n");
OCT_output(&IO);
printf("\n");
st=X509_extract_cert_sig(&IO,&SIG); // returns signature type
if (st.type==0)
{
printf("Unable to extract cert signature\n");
return 0;
}
if (st.type==ECC)
{
OCT_chop(&SIG,&S,SIG.len/2);
OCT_copy(&R,&SIG);
printf("ECC SIG= \n");
OCT_output(&R);
OCT_output(&S);
printf("\n");
}
if (st.type==RSA)
{
printf("RSA SIG= \n");
OCT_output(&SIG);
printf("\n");
}
if (st.hash==H256) printf("Hashed with SHA256\n");
if (st.hash==H384) printf("Hashed with SHA384\n");
if (st.hash==H512) printf("Hashed with SHA512\n");
// Extract Cert from signed Cert
c=X509_extract_cert(&IO,&H);
printf("\nCert= \n");
OCT_output(&H);
printf("\n");
// show some details
printf("Issuer Details\n");
ic=X509_find_issuer(&H);
c=X509_find_entity_property(&H,&ON,ic,&len);
print_out("owner=",&H,c,len);
c=X509_find_entity_property(&H,&CN,ic,&len);
print_out("country=",&H,c,len);
c=X509_find_entity_property(&H,&EN,ic,&len);
print_out("email=",&H,c,len);
printf("\n");
ca=X509_extract_public_key(&H,&CAKEY);
if (ca.type==0)
{
printf("Not supported by library\n");
return 0;
}
if (ca.type!=st.type)
{
printf("Not self-signed\n");
}
if (ca.type==ECC)
{
printf("EXTRACTED ECC PUBLIC KEY= \n");
OCT_output(&CAKEY);
}
if (ca.type==RSA)
{
printf("EXTRACTED RSA PUBLIC KEY= \n");
OCT_output(&CAKEY);
}
printf("\n");
// Cert is self-signed - so check signature
printf("Checking Self-Signed Signature\n");
if (ca.type==ECC)
{
if (ca.curve!=CHOICE)
{
printf("Curve is not supported\n");
return 0;
}
res=ECP_NIST256_PUBLIC_KEY_VALIDATE(1,&CAKEY);
if (res!=0)
{
printf("ECP Public Key is invalid!\n");
return 0;
}
else printf("ECP Public Key is Valid\n");
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("Hash Function not supported\n");
return 0;
}
if (ECP_NIST256_VP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
{
printf("***ECDSA Verification Failed\n");
return 0;
}
else
printf("ECDSA Signature/Verification succeeded \n");
}
if (ca.type==RSA)
{
if (ca.curve!=2048)
{
printf("RSA bit size is not supported\n");
return 0;
}
PK.e=65537; // assuming this!
RSA_2048_fromOctet(PK.n,&CAKEY);
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("Hash Function not supported\n");
return 0;
}
PKCS15(sha,&H,&HP);
RSA_2048_ENCRYPT(&PK,&SIG,&HH);
if (OCT_comp(&HP,&HH))
printf("RSA Signature/Verification succeeded \n");
else
{
printf("***RSA Verification Failed\n");
return 0;
}
}
printf("\nNext check CA signature on cert, and extract public key\n");
OCT_frombase64(&IO,cert_b64);
printf("Example Cert= \n");
OCT_output(&IO);
printf("\n");
st=X509_extract_cert_sig(&IO,&SIG);
if (st.type==0)
{
printf("Unable to check cert signature\n");
return 0;
}
if (st.type==ECC)
{
OCT_chop(&SIG,&S,SIG.len/2);
OCT_copy(&R,&SIG);
printf("SIG= \n");
OCT_output(&R);
OCT_output(&S);
printf("\n");
}
if (st.type==RSA)
{
printf("SIG= \n");
OCT_output(&SIG);
printf("\n");
}
c=X509_extract_cert(&IO,&H);
printf("Cert= \n");
OCT_output(&H);
printf("\n");
printf("Subject Details\n");
ic=X509_find_subject(&H);
c=X509_find_entity_property(&H,&ON,ic,&len);
print_out("owner=",&H,c,len);
c=X509_find_entity_property(&H,&CN,ic,&len);
print_out("country=",&H,c,len);
c=X509_find_entity_property(&H,&EN,ic,&len);
print_out("email=",&H,c,len);
printf("\n");
ic=X509_find_validity(&H);
c=X509_find_start_date(&H,ic);
print_date("start date= ",&H,c);
c=X509_find_expiry_date(&H,ic);
print_date("expiry date=",&H,c);
printf("\n");
pt=X509_extract_public_key(&H,&CERTKEY);
if (pt.type==0)
{
printf("Not supported by library\n");
return 0;
}
if (pt.type==ECC)
{
printf("EXTRACTED ECC PUBLIC KEY= \n");
OCT_output(&CERTKEY);
}
if (pt.type==RSA)
{
printf("EXTRACTED RSA PUBLIC KEY= \n");
OCT_output(&CERTKEY);
}
printf("\n");
/* Check CA signature */
if (ca.type==ECC)
{
printf("Checking CA's ECC Signature on Cert\n");
res=ECP_NIST256_PUBLIC_KEY_VALIDATE(1,&CAKEY);
if (res!=0)
printf("ECP Public Key is invalid!\n");
else printf("ECP Public Key is Valid\n");
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("Hash Function not supported\n");
return 0;
}
if (ECP_NIST256_VP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
printf("***ECDSA Verification Failed\n");
else
printf("ECDSA Signature/Verification succeeded \n");
}
if (ca.type==RSA)
{
printf("Checking CA's RSA Signature on Cert\n");
PK.e=65537; // assuming this!
RSA_2048_fromOctet(PK.n,&CAKEY);
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("Hash Function not supported\n");
return 0;
}
PKCS15(sha,&H,&HP);
RSA_2048_ENCRYPT(&PK,&SIG,&HH);
if (OCT_comp(&HP,&HH))
printf("RSA Signature/Verification succeeded \n");
else
printf("***RSA Verification Failed\n");
}
return 0;
}
