1/* $KAME: eaytest.c,v 1.39 2001/12/12 18:23:42 sakane Exp $ */ 2 3/* 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32#include <sys/types.h> 33#include <sys/stat.h> 34#include <sys/socket.h> 35 36#include <netinet/in.h> 37 38#include <stdlib.h> 39#include <stdio.h> 40#include <string.h> 41#include <limits.h> 42#include <dirent.h> 43#include <fcntl.h> 44#include <unistd.h> 45#include <err.h> 46 47#include <openssl/bio.h> 48#include <openssl/pem.h> 49 50#include "var.h" 51#include "vmbuf.h" 52#include "misc.h" 53#include "debug.h" 54#include "str2val.h" 55 56#include "oakley.h" 57#include "dhgroup.h" 58#include "crypto_openssl.h" 59 60#define PVDUMP(var) hexdump((var)->v, (var)->l) 61 62u_int32_t loglevel = 4; 63 64/* prototype */ 65 66void rsatest __P((int, char **)); 67static vchar_t *pem_read_buf __P((char *)); 68void certtest __P((int, char **)); 69static char **getcerts __P((char *)); 70void ciphertest __P((int, char **)); 71void hmactest __P((int, char **)); 72void sha2test __P((int, char **)); 73void sha1test __P((int, char **)); 74void md5test __P((int, char **)); 75void dhtest __P((int, char **)); 76void bntest __P((int, char **)); 77void Usage __P((void)); 78 79/* test */ 80 81void 82rsatest(ac, av) 83 int ac; 84 char **av; 85{ 86 char *text = "this is test."; 87 vchar_t src; 88 vchar_t *priv, *pub, *sig; 89 int error; 90 91 char *pkcs1 = 92"-----BEGIN RSA PRIVATE KEY-----\n" 93"MIICXQIBAAKBgQChe5/Fzk9SA0vCKBOcu9jBcLb9oLv50PeuEfQojhakY+OH8A3Q\n" 94"M8A0qIDG6uhTNGPvzCWb/+mKeOB48n5HJpLxlDFyP3kyd2yXHIZ/MN8g1nh4FsB0\n" 95"iTkk8QUCJkkan6FCOBrIeLEsGA5AdodzuR+khnCMt8vO+NFHZYKAQeynyQIDAQAB\n" 96"AoGAOfDcnCHxjhDGrwyoNNWl6Yqi7hAtQm67YAbrH14UO7nnmxAENM9MyNgpFLaW\n" 97"07v5m8IZQIcradcDXAJOUwNBN8E06UflwEYCaScIwndvr5UpVlN3e2NC6Wyg2yC7\n" 98"GarxQput3zj35XNR5bK42UneU0H6zDxpHWqI1SwE+ToAHu0CQQDNl9gUJTpg0L09\n" 99"HkbE5jeb8bA5I20nKqBOBP0v5tnzpwu41umQwk9I7Ru0ucD7j+DW4k8otadW+FnI\n" 100"G1M1MpSjAkEAyRMt4bN8otfpOpsOQWzw4jQtouohOxRFCrQTntHhU20PrQnQLZWs\n" 101"pOVzqCjRytYtkPEUA1z8QK5gGcVPcOQsowJBALmt2rwPB1NrEo5Bat7noO+Zb3Ob\n" 102"WDiYWeE8xkHd95gDlSWiC53ur9aINo6ZeP556jGIgL+el/yHHecJLrQL84sCQH48\n" 103"zUxq/C/cb++8UzneJGlPqusiJNTLiAENR1gpmlZfHT1c8Nb9phMsfu0vG29GAfuC\n" 104"bzchVLljALCNQK+2gRMCQQCNIgN+R9mRWZhFAcC1sq++YnuSBlw4VwdL/fd1Yg9e\n" 105"Ul+U98yPl/NXt8Rs4TRBFcOZjkFI8xv0hQtevTgTmgz+\n" 106"-----END RSA PRIVATE KEY-----\n\n"; 107 char *pubkey = 108"-----BEGIN PUBLIC KEY-----\n" 109"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChe5/Fzk9SA0vCKBOcu9jBcLb9\n" 110"oLv50PeuEfQojhakY+OH8A3QM8A0qIDG6uhTNGPvzCWb/+mKeOB48n5HJpLxlDFy\n" 111"P3kyd2yXHIZ/MN8g1nh4FsB0iTkk8QUCJkkan6FCOBrIeLEsGA5AdodzuR+khnCM\n" 112"t8vO+NFHZYKAQeynyQIDAQAB\n" 113"-----END PUBLIC KEY-----\n\n"; 114 115 priv = pem_read_buf(pkcs1); 116 117 src.v = text; 118 src.l = strlen(text); 119 120 /* sign */ 121 sig = eay_rsa_sign(&src, priv); 122 if (sig == NULL) 123 printf("sign failed. %s\n", eay_strerror()); 124 printf("RSA signed data.\n"); 125 PVDUMP(sig); 126 127 /* verify */ 128 pub = pem_read_buf(pubkey); 129 error = eay_rsa_verify(&src, sig, pub); 130 if (error) 131 printf("verifying failed.\n"); 132 else 133 printf("verified.\n"); 134} 135 136static vchar_t * 137pem_read_buf(buf) 138 char *buf; 139{ 140 BIO *bio; 141 char *nm = NULL, *header = NULL; 142 unsigned char *data = NULL; 143 long len; 144 vchar_t *ret; 145 int error; 146 147 bio = BIO_new_mem_buf(buf, strlen(buf)); 148 error = PEM_read_bio(bio, &nm, &header, &data, &len); 149 if (error == 0) 150 errx(1, "%s", eay_strerror()); 151 ret = vmalloc(len); 152 if (ret == NULL) 153 err(1, "vmalloc"); 154 memcpy(ret->v, data, len); 155 156 return ret; 157} 158 159void 160certtest(ac, av) 161 int ac; 162 char **av; 163{ 164 char *certpath; 165 char **certs; 166 int type; 167 int error; 168 169 printf("\n**Test for Certificate.**\n"); 170 171 { 172 char dnstr[] = "C=JP, ST=Kanagawa, L=Fujisawa, O=WIDE Project, OU=KAME Project, CN=Shoichi Sakane/Email=sakane@kame.net"; 173 vchar_t *asn1dn = NULL, asn1dn0; 174 char dn0[] = { 175 0x30,0x81,0x9a,0x31,0x0b,0x30,0x09,0x06, 176 0x03,0x55,0x04,0x06,0x13,0x02,0x4a,0x50, 177 0x31,0x11,0x30,0x0f,0x06,0x03,0x55,0x04, 178 0x08,0x13,0x08,0x4b,0x61,0x6e,0x61,0x67, 179 0x61,0x77,0x61,0x31,0x11,0x30,0x0f,0x06, 180 0x03,0x55,0x04,0x07,0x13,0x08,0x46,0x75, 181 0x6a,0x69,0x73,0x61,0x77,0x61,0x31,0x15, 182 0x30,0x13,0x06,0x03,0x55,0x04,0x0a,0x13, 183 0x0c,0x57,0x49,0x44,0x45,0x20,0x50,0x72, 184 0x6f,0x6a,0x65,0x63,0x74,0x31,0x15,0x30, 185 0x13,0x06,0x03,0x55,0x04,0x0b,0x13,0x0c, 186 0x4b,0x41,0x4d,0x45,0x20,0x50,0x72,0x6f, 187 0x6a,0x65,0x63,0x74,0x31,0x17,0x30,0x15, 188 0x06,0x03,0x55,0x04,0x03,0x13,0x0e,0x53, 189 0x68,0x6f,0x69,0x63,0x68,0x69,0x20,0x53, 190 0x61,0x6b,0x61,0x6e,0x65,0x31,0x1e,0x30, 191 0x1c,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7, 192 0x0d,0x01,0x09,0x01, 193 0x0c, 194 0x0f,0x73,0x61, 195 0x6b,0x61,0x6e,0x65,0x40,0x6b,0x61,0x6d, 196 0x65,0x2e,0x6e,0x65,0x74, 197 }; 198 199 printf("check to convert the string into subjectName.\n"); 200 printf("%s\n", dnstr); 201 202 asn1dn0.v = dn0; 203 asn1dn0.l = sizeof(dn0); 204 205 asn1dn = eay_str2asn1dn(dnstr, sizeof(dnstr)); 206 if (asn1dn == NULL || asn1dn->l != asn1dn0.l) 207 errx(1, "asn1dn length mismatched.\n"); 208 209 /* 210 * NOTE: The value pointed by "<==" above is different from the 211 * return of eay_str2asn1dn(). but eay_cmp_asn1dn() can distinguish 212 * both of the names are same name. 213 */ 214 if (eay_cmp_asn1dn(&asn1dn0, asn1dn)) 215 errx(1, "asn1dn mismatched.\n"); 216 vfree(asn1dn); 217 218 printf("succeed.\n"); 219 } 220 221 eay_init_error(); 222 223 /* get certs */ 224 if (ac > 1) { 225 certpath = *(av + 1); 226 certs = getcerts(certpath); 227 } else { 228 printf("\nCAUTION: These certificates are probably invalid " 229 "on your environment because you don't have their " 230 "issuer's certs in your environment.\n\n"); 231 232 certpath = "/usr/local/openssl/certs"; 233 certs = getcerts(NULL); 234 } 235 236 while (*certs != NULL) { 237 238 vchar_t c; 239 char *str; 240 vchar_t *vstr; 241 242 printf("===CERT===\n"); 243 244 c.v = *certs; 245 c.l = strlen(*certs); 246 247 /* print text */ 248 str = eay_get_x509text(&c); 249 printf("%s", str); 250 racoon_free(str); 251 252 /* print ASN.1 of subject name */ 253 vstr = eay_get_x509asn1subjectname(&c); 254 if (!vstr) 255 return; 256 PVDUMP(vstr); 257 printf("\n"); 258 vfree(vstr); 259 260 /* print subject alt name */ 261 { 262 int pos; 263 for (pos = 1; ; pos++) { 264 error = eay_get_x509subjectaltname(&c, &str, &type, pos); 265 if (error) { 266 printf("no subjectaltname found.\n"); 267 break; 268 } 269 if (!str) 270 break; 271 printf("SubjectAltName: %d: %s\n", type, str); 272 racoon_free(str); 273 } 274 } 275 276 error = eay_check_x509cert(&c, certpath); 277 if (error) 278 printf("ERROR: cert is invalid.\n"); 279 printf("\n"); 280 281 certs++; 282 } 283} 284 285static char ** 286getcerts(path) 287 char *path; 288{ 289 char **certs = NULL, **p; 290 DIR *dirp; 291 struct dirent *dp; 292 struct stat sb; 293 char buf[512]; 294 int len; 295 int n; 296 int fd; 297 298 static char *samplecerts[] = { 299/* self signed */ 300"-----BEGIN CERTIFICATE-----\n" 301"MIICpTCCAg4CAQAwDQYJKoZIhvcNAQEEBQAwgZoxCzAJBgNVBAYTAkpQMREwDwYD\n" 302"VQQIEwhLYW5hZ2F3YTERMA8GA1UEBxMIRnVqaXNhd2ExFTATBgNVBAoTDFdJREUg\n" 303"UHJvamVjdDEVMBMGA1UECxMMS0FNRSBQcm9qZWN0MRcwFQYDVQQDEw5TaG9pY2hp\n" 304"IFNha2FuZTEeMBwGCSqGSIb3DQEJARYPc2FrYW5lQGthbWUubmV0MB4XDTAwMDgy\n" 305"NDAxMzc0NFoXDTAwMDkyMzAxMzc0NFowgZoxCzAJBgNVBAYTAkpQMREwDwYDVQQI\n" 306"EwhLYW5hZ2F3YTERMA8GA1UEBxMIRnVqaXNhd2ExFTATBgNVBAoTDFdJREUgUHJv\n" 307"amVjdDEVMBMGA1UECxMMS0FNRSBQcm9qZWN0MRcwFQYDVQQDEw5TaG9pY2hpIFNh\n" 308"a2FuZTEeMBwGCSqGSIb3DQEJARYPc2FrYW5lQGthbWUubmV0MIGfMA0GCSqGSIb3\n" 309"DQEBAQUAA4GNADCBiQKBgQCpIQG/H3zn4czAmPBcbkDrYxE1A9vcpghpib3Of0Op\n" 310"SsiWIBOyIMiVAzK/I/JotWp3Vdn5fzGp/7DGAbWXAALas2xHkNmTMPpu6qhmNQ57\n" 311"kJHZHal24mgc1hwbrI9fb5olvIexx9a1riNPnKMRVHzXYizsyMbf+lJJmZ8QFhWN\n" 312"twIDAQABMA0GCSqGSIb3DQEBBAUAA4GBACKs6X/BYycuHI3iop403R3XWMHHnNBN\n" 313"5XTHVWiWgR1cMWkq/dp51gn+nPftpdAaYGpqGkiHGhZcXLoBaX9uON3p+7av+sQN\n" 314"plXwnvUf2Zsgu+fojskS0gKcDlYiq1O8TOaBgJouFZgr1q6PiYjVEJGogAP28+HN\n" 315"M4o+GBFbFoqK\n" 316"-----END CERTIFICATE-----\n\n", 317/* signed by SSH testing CA + CA1 + CA2 */ 318"-----BEGIN X509 CERTIFICATE-----\n" 319"MIICtTCCAj+gAwIBAgIEOaR8NjANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJG\n" 320"STEkMCIGA1UEChMbU1NIIENvbW11bmljYXRpb25zIFNlY3VyaXR5MREwDwYDVQQL\n" 321"EwhXZWIgdGVzdDEbMBkGA1UEAxMSVGVzdCBDQSAxIHN1YiBjYSAyMB4XDTAwMDgy\n" 322"NDAwMDAwMFoXDTAwMTAwMTAwMDAwMFowgZoxCzAJBgNVBAYTAkpQMREwDwYDVQQI\n" 323"EwhLYW5hZ2F3YTERMA8GA1UEBxMIRnVqaXNhd2ExFTATBgNVBAoTDFdJREUgUHJv\n" 324"amVjdDEVMBMGA1UECxMMS0FNRSBQcm9qZWN0MRcwFQYDVQQDEw5TaG9pY2hpIFNh\n" 325"a2FuZTEeMBwGCSqGSIb3DQEJAQwPc2FrYW5lQGthbWUubmV0MIGfMA0GCSqGSIb3\n" 326"DQEBAQUAA4GNADCBiQKBgQCpIQG/H3zn4czAmPBcbkDrYxE1A9vcpghpib3Of0Op\n" 327"SsiWIBOyIMiVAzK/I/JotWp3Vdn5fzGp/7DGAbWXAALas2xHkNmTMPpu6qhmNQ57\n" 328"kJHZHal24mgc1hwbrI9fb5olvIexx9a1riNPnKMRVHzXYizsyMbf+lJJmZ8QFhWN\n" 329"twIDAQABo18wXTALBgNVHQ8EBAMCBaAwGgYDVR0RBBMwEYEPc2FrYW5lQGthbWUu\n" 330"bmV0MDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9sZGFwLnNzaC5maS9jcmxzL2Nh\n" 331"MS0yLmNybDANBgkqhkiG9w0BAQUFAANhADtaqual41OWshF/rwCTuR6zySBJysGp\n" 332"+qjkp5efCiYKhAu1L4WXlMsV/SNdzspui5tHasPBvUw8gzFsU/VW/B2zuQZkimf1\n" 333"u6ZPjUb/vt8vLOPScP5MeH7xrTk9iigsqQ==\n" 334"-----END X509 CERTIFICATE-----\n\n", 335/* VP100 */ 336"-----BEGIN CERTIFICATE-----\n" 337"MIICXzCCAcigAwIBAgIEOXGBIzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJG\n" 338"STEkMCIGA1UEChMbU1NIIENvbW11bmljYXRpb25zIFNlY3VyaXR5MREwDwYDVQQL\n" 339"EwhXZWIgdGVzdDESMBAGA1UEAxMJVGVzdCBDQSAxMB4XDTAwMDcxNjAwMDAwMFoX\n" 340"DTAwMDkwMTAwMDAwMFowNTELMAkGA1UEBhMCanAxETAPBgNVBAoTCHRhaGl0ZXN0\n" 341"MRMwEQYDVQQDEwpmdXJ1a2F3YS0xMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKB\n" 342"gQDUmI2RaAuoLvtRDbASwRhbkj/Oq0BBIKgAqbFknc/EanJSQwZQu82gD88nf7gG\n" 343"VEioWmKPLDuEjz5JCuM+k5f7HYHI1wWmz1KFr7UA+avZm4Kp6YKnhuH7soZp7kBL\n" 344"hTiZEpL0jdmCWLW3ZXoro55rmPrBsCd+bt8VU6tRZm5dUwIBKaNZMFcwCwYDVR0P\n" 345"BAQDAgWgMBYGA1UdEQQPMA2CBVZQMTAwhwQKFIaFMDAGA1UdHwQpMCcwJaAjoCGG\n" 346"H2h0dHA6Ly9sZGFwLnNzaC5maS9jcmxzL2NhMS5jcmwwDQYJKoZIhvcNAQEFBQAD\n" 347"gYEAKJ/2Co/KYW65mwpGG3CBvsoRL8xyUMHGt6gQpFLHiiHuAdix1ADTL6uoFuYi\n" 348"4sE5omQm1wKVv2ZhS03zDtUfKoVEv0HZ7IY3AU/FZT/M5gQvbt43Dki/ma3ock2I\n" 349"PPhbLsvXm+GCVh3jvkYGk1zr7VERVeTPtmT+hW63lcxfFp4=\n" 350"-----END CERTIFICATE-----\n\n", 351/* IKED */ 352"-----BEGIN CERTIFICATE-----\n" 353"MIIEFTCCA7+gAwIBAgIKYU5X6AAAAAAACTANBgkqhkiG9w0BAQUFADCBljEpMCcG\n" 354"CSqGSIb3DQEJARYaeS13YXRhbmFAc2RsLmhpdGFjaGkuY28uanAxCzAJBgNVBAYT\n" 355"AkpQMREwDwYDVQQIEwhLQU5BR0FXQTERMA8GA1UEBxMIWW9rb2hhbWExEDAOBgNV\n" 356"BAoTB0hJVEFDSEkxDDAKBgNVBAsTA1NETDEWMBQGA1UEAxMNSVBzZWMgVGVzdCBD\n" 357"QTAeFw0wMDA3MTUwMjUxNDdaFw0wMTA3MTUwMzAxNDdaMEUxCzAJBgNVBAYTAkpQ\n" 358"MREwDwYDVQQIEwhLQU5BR0FXQTEQMA4GA1UEChMHSElUQUNISTERMA8GA1UEAxMI\n" 359"V0FUQU5BQkUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA6Wja5A7Ldzrtx+rMWHEB\n" 360"Cyt+/ZoG0qdFQbuuUiU1vOSq+1f+ZSCYAdTq13Lrr6Xfz3jDVFEZLPID9PSTFwq+\n" 361"yQIDAQABo4ICPTCCAjkwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUF\n" 362"CAICMB0GA1UdDgQWBBTkv7/MH5Ra+S1zBAmnUIH5w8ZTUTCB0gYDVR0jBIHKMIHH\n" 363"gBQsF2qoaTl5F3GFLKrttaxPJ8j4faGBnKSBmTCBljEpMCcGCSqGSIb3DQEJARYa\n" 364"eS13YXRhbmFAc2RsLmhpdGFjaGkuY28uanAxCzAJBgNVBAYTAkpQMREwDwYDVQQI\n" 365"EwhLQU5BR0FXQTERMA8GA1UEBxMIWW9rb2hhbWExEDAOBgNVBAoTB0hJVEFDSEkx\n" 366"DDAKBgNVBAsTA1NETDEWMBQGA1UEAxMNSVBzZWMgVGVzdCBDQYIQeccIf4GYDIBA\n" 367"rS6HSUt8XjB7BgNVHR8EdDByMDagNKAyhjBodHRwOi8vZmxvcmEyMjAvQ2VydEVu\n" 368"cm9sbC9JUHNlYyUyMFRlc3QlMjBDQS5jcmwwOKA2oDSGMmZpbGU6Ly9cXGZsb3Jh\n" 369"MjIwXENlcnRFbnJvbGxcSVBzZWMlMjBUZXN0JTIwQ0EuY3JsMIGgBggrBgEFBQcB\n" 370"AQSBkzCBkDBFBggrBgEFBQcwAoY5aHR0cDovL2Zsb3JhMjIwL0NlcnRFbnJvbGwv\n" 371"ZmxvcmEyMjBfSVBzZWMlMjBUZXN0JTIwQ0EuY3J0MEcGCCsGAQUFBzAChjtmaWxl\n" 372"Oi8vXFxmbG9yYTIyMFxDZXJ0RW5yb2xsXGZsb3JhMjIwX0lQc2VjJTIwVGVzdCUy\n" 373"MENBLmNydDANBgkqhkiG9w0BAQUFAANBAG8yZAWHb6g3zba453Hw5loojVDZO6fD\n" 374"9lCsyaxeo9/+7x1JEEcdZ6qL7KKqe7ZBwza+hIN0ITkp2WEWo22gTz4=\n" 375"-----END CERTIFICATE-----\n\n", 376/* From Entrust */ 377"-----BEGIN CERTIFICATE-----\n" 378"MIIDXTCCAsagAwIBAgIEOb6khTANBgkqhkiG9w0BAQUFADA4MQswCQYDVQQGEwJV\n" 379"UzEQMA4GA1UEChMHRW50cnVzdDEXMBUGA1UECxMOVlBOIEludGVyb3AgUk8wHhcN\n" 380"MDAwOTE4MjMwMDM3WhcNMDMwOTE4MjMzMDM3WjBTMQswCQYDVQQGEwJVUzEQMA4G\n" 381"A1UEChMHRW50cnVzdDEXMBUGA1UECxMOVlBOIEludGVyb3AgUk8xGTAXBgNVBAMT\n" 382"EFNob2ljaGkgU2FrYW5lIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKj3\n" 383"eXSt1qXxFXzpa265B/NQYk5BZN7pNJg0tlTKBTVV3UgpQ92Bx5DoNfZh11oIv0Sw\n" 384"6YnG5p9F9ma36U9HDoD3hVTjAvQKy4ssCsnU1y6v5XOU1QvYQo6UTzgsXUTaIau4\n" 385"Lrccl+nyoiNzy3lG51tLR8CxuA+3OOAK9xPjszClAgMBAAGjggFXMIIBUzBABgNV\n" 386"HREEOTA3gQ9zYWthbmVAa2FtZS5uZXSHBM6vIHWCHjIwNi0xNzUtMzItMTE3LnZw\n" 387"bndvcmtzaG9wLmNvbTATBgNVHSUEDDAKBggrBgEFBQgCAjALBgNVHQ8EBAMCAKAw\n" 388"KwYDVR0QBCQwIoAPMjAwMDA5MTgyMzAwMzdagQ8yMDAyMTAyNTExMzAzN1owWgYD\n" 389"VR0fBFMwUTBPoE2gS6RJMEcxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFbnRydXN0\n" 390"MRcwFQYDVQQLEw5WUE4gSW50ZXJvcCBSTzENMAsGA1UEAxMEQ1JMMTAfBgNVHSME\n" 391"GDAWgBTzVmhu0tBoWKwkZE5mXpooE9630DAdBgNVHQ4EFgQUEgBHPtXggJqei5Xz\n" 392"92CrWXTJxfAwCQYDVR0TBAIwADAZBgkqhkiG9n0HQQAEDDAKGwRWNS4wAwIEsDAN\n" 393"BgkqhkiG9w0BAQUFAAOBgQCIFriNGMUE8GH5LuDrTJfA8uGx8vLy2seljuo694TR\n" 394"et/ojp9QnfOJ1PF9iAdGaEaSLfkwhY4fZNZzxic5HBoHLeo9BXLP7i7FByXjvOZC\n" 395"Y8++0dC8NVvendIILcJBM5nbDq1TqIbb8K3SP80XhO5JLVJkoZiQftAMjo0peZPO\n" 396"EQ==\n" 397"-----END CERTIFICATE-----\n\n", 398 NULL, 399 }; 400 401 if (path == NULL) 402 return (char **)&samplecerts; 403 404 stat(path, &sb); 405 if (!(sb.st_mode & S_IFDIR)) { 406 printf("ERROR: %s is not directory.\n", path); 407 exit(0); 408 } 409 410 dirp = opendir(path); 411 if (dirp == NULL) { 412 printf("opendir failed.\n"); 413 exit(0); 414 } 415 416 n = 0; 417 while ((dp = readdir(dirp)) != NULL) { 418 if (dp->d_type != DT_REG) 419 continue; 420 if (strcmp(dp->d_name + strlen(dp->d_name) - 4, "cert")) 421 continue; 422 snprintf(buf, sizeof(buf), "%s/%s", path, dp->d_name); 423 stat(buf, &sb); 424 425 p = (char **)realloc(certs, (n + 1) * sizeof(certs)); 426 if (p == NULL) 427 err(1, "realloc"); 428 certs = p; 429 430 certs[n] = malloc(sb.st_size + 1); 431 if (certs[n] == NULL) 432 err(1, "malloc"); 433 434 fd = open(buf, O_RDONLY); 435 if (fd == -1) 436 err(1, "open"); 437 len = read(fd, certs[n], sb.st_size); 438 if (len == -1) 439 err(1, "read"); 440 if (len != sb.st_size) 441 errx(1, "read: length mismatch"); 442 certs[n][sb.st_size] = '\0'; 443 close(fd); 444 445 printf("%s: %d\n", dp->d_name, (int)sb.st_size); 446 447 n++; 448 } 449 450 p = (char **)realloc(certs, (n + 1) * sizeof(certs)); 451 if (p == NULL) 452 err(1, "realloc"); 453 certs = p; 454 certs[n] = NULL; 455 456 return certs; 457} 458 459void 460ciphertest(ac, av) 461 int ac; 462 char **av; 463{ 464 vchar_t data; 465 vchar_t key; 466 vchar_t iv0; 467 vchar_t *res1, *res2, *iv; 468 469 printf("\n**Test for CIPHER.**\n"); 470 471 data.v = str2val("\ 47206000017 03000000 73616b61 6e65406b 616d652e 6e657409 0002c104 308202b8 \ 47304f05a90 \ 474 ", 16, &data.l); 475 key.v = str2val("f59bd70f 81b9b9cc 2a32c7fd 229a4b37", 16, &key.l); 476 iv0.v = str2val("26b68c90 9467b4ab 7ec29fa0 0b696b55", 16, &iv0.l); 477 478 iv = vmalloc(8); 479 480 /* des */ 481 printf("DES\n"); 482 printf("data:\n"); 483 PVDUMP(&data); 484 485 memcpy(iv->v, iv0.v, 8); 486 res1 = eay_des_encrypt(&data, &key, iv); 487 printf("encrypto:\n"); 488 PVDUMP(res1); 489 490 memcpy(iv->v, iv0.v, 8); 491 res2 = eay_des_decrypt(res1, &key, iv); 492 printf("decrypto:\n"); 493 PVDUMP(res2); 494 495 if (memcmp(data.v, res2->v, data.l)) 496 printf("XXX NG XXX\n"); 497 vfree(res1); 498 vfree(res2); 499 500#ifdef HAVE_OPENSSL_IDEA_H 501 /* idea */ 502 printf("IDEA\n"); 503 printf("data:\n"); 504 PVDUMP(&data); 505 506 memcpy(iv->v, iv0.v, 8); 507 res1 = eay_idea_encrypt(&data, &key, iv); 508 printf("encrypto:\n"); 509 PVDUMP(res1); 510 511 memcpy(iv->v, iv0.v, 8); 512 res2 = eay_idea_decrypt(res1, &key, iv); 513 printf("decrypto:\n"); 514 PVDUMP(res2); 515 516 if (memcmp(data.v, res2->v, data.l)) 517 printf("XXX NG XXX\n"); 518 vfree(res1); 519 vfree(res2); 520#endif 521 522 /* blowfish */ 523 printf("BLOWFISH\n"); 524 printf("data:\n"); 525 PVDUMP(&data); 526 527 memcpy(iv->v, iv0.v, 8); 528 res1 = eay_bf_encrypt(&data, &key, iv); 529 printf("encrypto:\n"); 530 PVDUMP(res1); 531 532 memcpy(iv->v, iv0.v, 8); 533 res2 = eay_bf_decrypt(res1, &key, iv); 534 printf("decrypto:\n"); 535 PVDUMP(res2); 536 537 if (memcmp(data.v, res2->v, data.l)) 538 printf("XXX NG XXX\n"); 539 vfree(res1); 540 vfree(res2); 541 542#ifdef HAVE_OPENSSL_RC5_H 543 /* rc5 */ 544 printf("RC5\n"); 545 printf("data:\n"); 546 PVDUMP(&data); 547 548 memcpy(iv->v, iv0.v, 8); 549 res1 = eay_bf_encrypt(&data, &key, iv); 550 printf("encrypto:\n"); 551 PVDUMP(res1); 552 553 memcpy(iv->v, iv0.v, 8); 554 res2 = eay_bf_decrypt(res1, &key, iv); 555 printf("decrypto:\n"); 556 PVDUMP(res2); 557 558 if (memcmp(data.v, res2->v, data.l)) 559 printf("XXX NG XXX\n"); 560 vfree(res1); 561 vfree(res2); 562#endif 563 564 /* 3des */ 565 printf("3DES\n"); 566 printf("data:\n"); 567 PVDUMP(&data); 568 569 memcpy(iv->v, iv0.v, 8); 570 res1 = eay_3des_encrypt(&data, &key, iv); 571 printf("encrypto:\n"); 572 if (res1) 573 PVDUMP(res1); 574 575 memcpy(iv->v, iv0.v, 8); 576 res2 = eay_3des_decrypt(res1, &key, iv); 577 printf("decrypto:\n"); 578 if (res1) 579 PVDUMP(res2); 580 581 if (res2 && memcmp(data.v, res2->v, data.l)) 582 printf("XXX NG XXX\n"); 583 vfree(res1); 584 vfree(res2); 585 586 /* cast */ 587 printf("CAST\n"); 588 printf("data:\n"); 589 PVDUMP(&data); 590 591 memcpy(iv->v, iv0.v, 8); 592 res1 = eay_cast_encrypt(&data, &key, iv); 593 printf("encrypto:\n"); 594 PVDUMP(res1); 595 596 memcpy(iv->v, iv0.v, 8); 597 res2 = eay_cast_decrypt(res1, &key, iv); 598 printf("decrypto:\n"); 599 PVDUMP(res2); 600 601 if (memcmp(data.v, res2->v, data.l)) 602 printf("XXX NG XXX\n"); 603 vfree(res1); 604 vfree(res2); 605 606 /* aes */ 607 iv = vrealloc(iv, 16); 608 609 printf("AES\n"); 610 printf("data:\n"); 611 PVDUMP(&data); 612 613 { 614 vchar_t *buf; 615 int padlen = 16 - data.l % 16; 616 buf = vmalloc(data.l + padlen); 617 memcpy(buf->v, data.v, data.l); 618 619 memcpy(iv->v, iv0.v, 16); 620 res1 = eay_aes_encrypt(buf, &key, iv); 621 printf("encrypto:\n"); 622 PVDUMP(res1); 623 624 memcpy(iv->v, iv0.v, 16); 625 res2 = eay_aes_decrypt(res1, &key, iv); 626 printf("decrypto:\n"); 627 PVDUMP(res2); 628 629 if (memcmp(data.v, res2->v, data.l)) 630 printf("XXX NG XXX\n"); 631 vfree(res1); 632 vfree(res2); 633 } 634} 635 636void 637hmactest(ac, av) 638 int ac; 639 char **av; 640{ 641 char *keyword = "hehehe test secret!"; 642 char *object = "d7e6a6c1876ef0488bb74958b9fee94e"; 643 char *object1 = "d7e6a6c1876ef048"; 644 char *object2 = "8bb74958b9fee94e"; 645 char *r_hmd5 = "5702d7d1 fd1bfc7e 210fc9fa cda7d02c"; 646 char *r_hsha1 = "309999aa 9779a43e ebdea839 1b4e7ee1 d8646874"; 647 char *r_hsha2 = "d47262d8 a5b6f39d d8686939 411b3e79 ed2e27f9 2c4ea89f dd0a06ae 0c0aa396"; 648 vchar_t *key, *data, *data1, *data2, *res; 649 vchar_t mod; 650 caddr_t ctx; 651 652 printf("\n**Test for HMAC MD5 & SHA1.**\n"); 653 654 key = vmalloc(strlen(keyword)); 655 memcpy(key->v, keyword, key->l); 656 657 data = vmalloc(strlen(object)); 658 data1 = vmalloc(strlen(object1)); 659 data2 = vmalloc(strlen(object2)); 660 memcpy(data->v, object, data->l); 661 memcpy(data1->v, object1, data1->l); 662 memcpy(data2->v, object2, data2->l); 663 664 /* HMAC MD5 */ 665 printf("HMAC MD5 by eay_hmacmd5_one()\n"); 666 res = eay_hmacmd5_one(key, data); 667 PVDUMP(res); 668 mod.v = str2val(r_hmd5, 16, &mod.l); 669 if (memcmp(res->v, mod.v, mod.l)) 670 printf(" XXX NG XXX\n"); 671 free(mod.v); 672 vfree(res); 673 674 /* HMAC MD5 */ 675 printf("HMAC MD5 by eay_hmacmd5_xxx()\n"); 676 ctx = eay_hmacmd5_init(key); 677 eay_hmacmd5_update(ctx, data1); 678 eay_hmacmd5_update(ctx, data2); 679 res = eay_hmacmd5_final(ctx); 680 PVDUMP(res); 681 mod.v = str2val(r_hmd5, 16, &mod.l); 682 if (memcmp(res->v, mod.v, mod.l)) 683 printf(" XXX NG XXX\n"); 684 free(mod.v); 685 vfree(res); 686 687 /* HMAC SHA2 */ 688 printf("HMAC SHA2 by eay_hmacsha2_256_one()\n"); 689 res = eay_hmacsha2_256_one(key, data); 690 PVDUMP(res); 691 mod.v = str2val(r_hsha2, 16, &mod.l); 692 if (memcmp(res->v, mod.v, mod.l)) 693 printf(" XXX NG XXX\n"); 694 free(mod.v); 695 vfree(res); 696 697 /* HMAC SHA1 */ 698 printf("HMAC SHA1 by eay_hmacsha1_one()\n"); 699 res = eay_hmacsha1_one(key, data); 700 PVDUMP(res); 701 mod.v = str2val(r_hsha1, 16, &mod.l); 702 if (memcmp(res->v, mod.v, mod.l)) 703 printf(" XXX NG XXX\n"); 704 free(mod.v); 705 vfree(res); 706 707 /* HMAC MD5 */ 708 printf("HMAC SHA1 by eay_hmacsha1_xxx()\n"); 709 ctx = eay_hmacsha1_init(key); 710 eay_hmacsha1_update(ctx, data1); 711 eay_hmacsha1_update(ctx, data2); 712 res = eay_hmacsha1_final(ctx); 713 PVDUMP(res); 714 mod.v = str2val(r_hsha1, 16, &mod.l); 715 if (memcmp(res->v, mod.v, mod.l)) 716 printf(" XXX NG XXX\n"); 717 free(mod.v); 718 vfree(res); 719 720 vfree(data); 721 vfree(data1); 722 vfree(data2); 723 vfree(key); 724} 725 726void 727sha1test(ac, av) 728 int ac; 729 char **av; 730{ 731 char *word1 = "1234567890", *word2 = "12345678901234567890"; 732 caddr_t ctx; 733 vchar_t *buf, *res; 734 735 printf("\n**Test for SHA1.**\n"); 736 737 ctx = eay_sha1_init(); 738 buf = vmalloc(strlen(word1)); 739 memcpy(buf->v, word1, buf->l); 740 eay_sha1_update(ctx, buf); 741 eay_sha1_update(ctx, buf); 742 res = eay_sha1_final(ctx); 743 PVDUMP(res); 744 vfree(res); 745 vfree(buf); 746 747 ctx = eay_sha1_init(); 748 buf = vmalloc(strlen(word2)); 749 memcpy(buf->v, word2, buf->l); 750 eay_sha1_update(ctx, buf); 751 res = eay_sha1_final(ctx); 752 PVDUMP(res); 753 vfree(res); 754 755 res = eay_sha1_one(buf); 756 PVDUMP(res); 757 vfree(res); 758 vfree(buf); 759} 760 761void 762md5test(ac, av) 763 int ac; 764 char **av; 765{ 766 char *word1 = "1234567890", *word2 = "12345678901234567890"; 767 caddr_t ctx; 768 vchar_t *buf, *res; 769 770 printf("\n**Test for MD5.**\n"); 771 772 ctx = eay_md5_init(); 773 buf = vmalloc(strlen(word1)); 774 memcpy(buf->v, word1, buf->l); 775 eay_md5_update(ctx, buf); 776 eay_md5_update(ctx, buf); 777 res = eay_md5_final(ctx); 778 PVDUMP(res); 779 vfree(res); 780 vfree(buf); 781 782 ctx = eay_md5_init(); 783 buf = vmalloc(strlen(word2)); 784 memcpy(buf->v, word2, buf->l); 785 eay_md5_update(ctx, buf); 786 res = eay_md5_final(ctx); 787 PVDUMP(res); 788 vfree(res); 789 790 res = eay_md5_one(buf); 791 PVDUMP(res); 792 vfree(res); 793 vfree(buf); 794} 795 796void 797dhtest(ac, av) 798 int ac; 799 char **av; 800{ 801 static struct { 802 char *name; 803 char *p; 804 } px[] = { 805 { "modp768", OAKLEY_PRIME_MODP768, }, 806 { "modp1024", OAKLEY_PRIME_MODP1024, }, 807 { "modp1536", OAKLEY_PRIME_MODP1536, }, 808 { "modp2048", OAKLEY_PRIME_MODP2048, }, 809 { "modp3072", OAKLEY_PRIME_MODP3072, }, 810 { "modp4096", OAKLEY_PRIME_MODP4096, }, 811 { "modp6144", OAKLEY_PRIME_MODP6144, }, 812 { "modp8192", OAKLEY_PRIME_MODP8192, }, 813 }; 814 vchar_t p1, *pub1, *priv1, *gxy1; 815 vchar_t p2, *pub2, *priv2, *gxy2; 816 int i; 817 818 printf("\n**Test for DH.**\n"); 819 820 for (i = 0; i < sizeof(px)/sizeof(px[0]); i++) { 821 printf("\n**Test for DH %s.**\n", px[i].name); 822 823 p1.v = str2val(px[i].p, 16, &p1.l); 824 p2.v = str2val(px[i].p, 16, &p2.l); 825 printf("prime number = \n"); PVDUMP(&p1); 826 827 if (eay_dh_generate(&p1, 2, 96, &pub1, &priv1) < 0) { 828 printf("error\n"); 829 return; 830 } 831 printf("private key for user 1 = \n"); PVDUMP(priv1); 832 printf("public key for user 1 = \n"); PVDUMP(pub1); 833 834 if (eay_dh_generate(&p2, 2, 96, &pub2, &priv2) < 0) { 835 printf("error\n"); 836 return; 837 } 838 printf("private key for user 2 = \n"); PVDUMP(priv2); 839 printf("public key for user 2 = \n"); PVDUMP(pub2); 840 841 /* process to generate key for user 1 */ 842 gxy1 = vmalloc(p1.l); 843 memset(gxy1->v, 0, gxy1->l); 844 eay_dh_compute(&p1, 2, pub1, priv1, pub2, &gxy1); 845 printf("sharing gxy1 of user 1 = \n"); PVDUMP(gxy1); 846 847 /* process to generate key for user 2 */ 848 gxy2 = vmalloc(p1.l); 849 memset(gxy2->v, 0, gxy2->l); 850 eay_dh_compute(&p2, 2, pub2, priv2, pub1, &gxy2); 851 printf("sharing gxy2 of user 2 = \n"); PVDUMP(gxy2); 852 853 if (memcmp(gxy1->v, gxy2->v, gxy1->l)) 854 printf("ERROR: sharing gxy mismatched.\n"); 855 856 vfree(pub1); 857 vfree(pub2); 858 vfree(priv1); 859 vfree(priv2); 860 vfree(gxy1); 861 vfree(gxy2); 862 } 863 864 return; 865} 866 867void 868bntest(ac, av) 869 int ac; 870 char **av; 871{ 872 vchar_t *rn; 873 874 printf("\n**Test for generate a random number.**\n"); 875 876 rn = eay_set_random((u_int32_t)96); 877 PVDUMP(rn); 878 vfree(rn); 879} 880 881struct { 882 char *name; 883 void (*func) __P((int, char **)); 884} func[] = { 885 { "random", bntest, }, 886 { "dh", dhtest, }, 887 { "md5", md5test, }, 888 { "sha1", sha1test, }, 889 { "hmac", hmactest, }, 890 { "cipher", ciphertest, }, 891 { "cert", certtest, }, 892 { "rsa", rsatest, }, 893}; 894 895int 896main(ac, av) 897 int ac; 898 char **av; 899{ 900 int i; 901 int len = sizeof(func)/sizeof(func[0]); 902 903 if (strcmp(*av, "-h") == 0) { 904 printf("Usage: eaytest ["); 905 for (i = 0; i < len; i++) { 906 printf("%s", func[i].name); 907 if (i != len) 908 printf("|"); 909 } 910 printf("]\n"); 911 Usage(); 912 } 913 914 ac--; 915 av++; 916 917 if (ac == 0) { 918 for (i = 0; i < len; i++) 919 (func[i].func)(ac, av); 920 } else { 921 for (i = 0; i < len; i++) { 922 if (strcmp(*av, func[i].name) == 0) { 923 (func[i].func)(ac, av); 924 break; 925 } 926 } 927 if (i == len) 928 Usage(); 929 } 930 931 exit(0); 932} 933 934void 935Usage() 936{ 937 printf("Usage: eaytest [dh|md5|sha1|hmac|cipher]\n"); 938 printf(" eaytest cert [cert_directory]\n"); 939 exit(0); 940} 941