abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-13 20:06:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update tests and tools

Browse Source
This commit is contained in:
Zhi Guan
2022-03-16 15:12:29 +08:00
parent 2c2425d230
commit ea4cc6585c
52 changed files with 3600 additions and 3216 deletions
Download Patch File Download Diff File Expand all files Collapse all files

531
tests/x509test.c
View File

@@ -50,282 +50,397 @@
#include <string.h>
#include <stdlib.h>
#include <gmssl/oid.h>
#include <gmssl/x509_alg.h>
#include <gmssl/x509_oid.h>
#include <gmssl/x509.h>
#include <gmssl/rand.h>
#include <gmssl/error.h>
#if 0
static int test_x509_validity(void)
static int test_x509_version(void)
{
int err = 0;
X509_VALIDITY validity;
uint8_t buf[64] = {0};
const uint8_t *cp = buf;
int tests[] = {
X509_version_v1,
X509_version_v2,
X509_version_v3,
-1,
};
uint8_t buf[256];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
size_t i;
printf("%s\n", __FUNCTION__);
memset(&validity, 0, sizeof(X509_VALIDITY));
format_print(stderr, 0, 0, "Version\n");
for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
if (x509_explicit_version_to_der(i, tests[i], &p, &len) < 0) {
error_print();
return -1;
}
format_bytes(stderr, 0, 4, "", buf, len);
}
for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
int ver;
if (x509_explicit_version_from_der(i, &ver, &cp, &len) < 0
|| asn1_check(ver == tests[i]) != 1) {
error_print();
return -1;
}
format_print(stderr, 0, 4, "%s\n", x509_version_name(ver));
}
(void)asn1_length_is_zero(len);
printf("%s() ok\n", __FUNCTION__);
return 0;
}
x509_validity_set_days(&validity, time(NULL), 365 * 10);
x509_validity_to_der(&validity, &p, &len);
print_der(buf, len);
printf("\n");
memset(&validity, 0, sizeof(X509_VALIDITY));
x509_validity_from_der(&validity, &cp, &len);
x509_validity_print(stdout, &validity, 0, 0);
static int test_x509_validity(void)
{
time_t not_before, not_before_;
time_t not_after, not_after_;
uint8_t buf[256];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
size_t i;
printf("\n");
return err;
time(&not_before);
format_print(stderr, 0, 0, "Validity\n");
if (x509_validity_add_days(&not_after, not_before, 365) != 1
|| x509_validity_to_der(not_before, not_after, &p, &len) != 1) {
error_print();
return -1;
}
format_bytes(stderr, 0, 4, "", buf, len);
if (x509_validity_from_der(&not_before_, &not_after_, &cp, &len) != 1
|| asn1_check(not_before == not_before_) != 1
|| asn1_check(not_after == not_after_) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
return 1;
}
printf("%s() ok\n", __FUNCTION__);
return 0;
}
static int test_x509_attr_type_and_value(void)
{
int oid;
int tag;
const uint8_t *d;
size_t dlen;
uint8_t buf[256];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
format_print(stderr, 0, 0, "AttributeTypeAndValue\n");
if (x509_attr_type_and_value_to_der(OID_at_locality_name, ASN1_TAG_PrintableString, (uint8_t *)"Haidian", strlen("Haidian"), &p, &len) != 1) {
error_print();
return -1;
}
format_bytes(stderr, 0, 4, "", buf, len);
if (x509_attr_type_and_value_from_der(&oid, &tag, &d, &dlen, &cp, &len) != 1
|| asn1_check(oid == OID_at_locality_name) != 1
|| asn1_check(tag == ASN1_TAG_PrintableString) != 1
|| asn1_check(dlen == strlen("Haidian")) != 1
|| asn1_check(memcmp("Haidian", d, dlen) == 0) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
return -1;
}
format_print(stderr, 0, 4, "%s : %s ", x509_name_type_name(oid), asn1_tag_name(tag));
format_string(stderr, 0, 0, "", d, dlen);
printf("%s() ok\n", __FUNCTION__);
return 0;
}
static int test_x509_rdn(void)
{
int oid;
int tag;
const uint8_t *d;
size_t dlen;
const uint8_t *more;
size_t morelen;
uint8_t buf[256];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
format_print(stderr, 0, 0, "RDN\n");
if (x509_rdn_to_der(OID_at_locality_name, ASN1_TAG_PrintableString,
(uint8_t *)"Haidian", strlen("Haidian"), NULL, 0, &p, &len) != 1) {
error_print();
return -1;
}
format_bytes(stderr, 0, 4, "", buf, len);
if (x509_rdn_from_der(&oid, &tag, &d, &dlen, &more, &morelen, &cp, &len) != 1
|| asn1_check(oid == OID_at_locality_name) != 1
|| asn1_check(tag == ASN1_TAG_PrintableString) != 1
|| asn1_check(dlen == strlen("Haidian")) != 1
|| asn1_check(memcmp("Haidian", d, dlen) == 0) != 1
|| asn1_check(more == NULL) != 1
|| asn1_check(morelen == 0) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
return -1;
}
format_print(stderr, 0, 4, "%s : %s ", x509_name_type_name(oid), asn1_tag_name(tag));
format_string(stderr, 0, 0, "", d, dlen);
printf("%s() ok\n", __FUNCTION__);
return 0;
}
static int test_x509_name(void)
{
int err = 0;
X509_NAME name;
uint8_t name[512];
size_t namelen = 0;
uint8_t buf[1024];
const uint8_t *cp = buf;
uint8_t *p = buf;
size_t len = 0;
printf("%s\n", __FUNCTION__);
memset(&name, 0, sizeof(X509_NAME));
x509_name_add_rdn(&name, OID_at_countryName, ASN1_TAG_PrintableString, "CN");
x509_name_add_rdn(&name, OID_at_stateOrProvinceName, ASN1_TAG_PrintableString, "Beijing");
x509_name_add_rdn(&name, OID_at_organizationName, ASN1_TAG_PrintableString, "PKU");
x509_name_add_rdn(&name, OID_at_organizationalUnitName, ASN1_TAG_PrintableString, "CS");
x509_name_add_rdn(&name, OID_at_commonName, ASN1_TAG_PrintableString, "infosec");
if (x509_name_to_der(&name, &p, &len) != 1) {
if (x509_name_add_country_name(name, &namelen, sizeof(name), "CN") != 1
|| format_bytes(stderr, 0, 4, "", name, namelen) > 2
|| x509_name_add_locality_name(name, &namelen, sizeof(name), ASN1_TAG_PrintableString, (uint8_t *)"Haidian", strlen("Haidian")) != 1
|| format_bytes(stderr, 0, 4, "", name, namelen) > 2
|| x509_name_add_state_or_province_name(name, &namelen, sizeof(name), ASN1_TAG_PrintableString, (uint8_t *)"Beijing", strlen("Beijing")) != 1
|| format_bytes(stderr, 0, 4, "", name, namelen) > 2
|| x509_name_add_organization_name(name, &namelen, sizeof(name), ASN1_TAG_PrintableString, (uint8_t *)"PKU", strlen("PKU")) != 1
|| format_bytes(stderr, 0, 4, "", name, namelen) > 2
|| x509_name_add_organizational_unit_name(name, &namelen, sizeof(name), ASN1_TAG_PrintableString, (uint8_t *)"CS", strlen("CS")) != 1
|| format_bytes(stderr, 0, 4, "", name, namelen) > 2
|| x509_name_add_common_name(name, &namelen, sizeof(name), ASN1_TAG_PrintableString, (uint8_t *)"CA", strlen("CA")) != 1
|| format_bytes(stderr, 0, 4, "", name, namelen) > 2
) {
error_print();
err++;
goto end;
return 1;
}
print_der(buf, len);
printf("\n");
if (x509_name_from_der(&name, &cp, &len) != 1
|| len > 0) {
error_print();
err++;
goto end;
}
x509_name_print(stdout, &name, 0, 0);
end:
printf("\n");
return err;
}
static int test_x509_signature_algor(int oid)
{
int err = 0;
int tests[] = {OID_sm2sign_with_sm3, OID_rsasign_with_sm3};
int val;
uint32_t nodes[32];
size_t nodes_count;
uint8_t buf[128];
const uint8_t *cp = buf;
uint8_t *p = buf;
size_t len = 0;
size_t i;
printf("%s\n", __FUNCTION__);
for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
printf("%s\n", asn1_object_identifier_name(tests[i]));
}
for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
if (x509_signature_algor_to_der(tests[i], &p, &len) != 1) {
error_print();
err++;
goto end;
}
print_der(buf, len);
printf("\n");
}
for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
if (x509_signature_algor_from_der(&val, nodes, &nodes_count, &cp, &len) != 1) {
error_print();
err++;
goto end;
}
if (val != tests[i]) {
error_print();
err++;
goto end;
}
printf("%s\n", asn1_object_identifier_name(tests[i]));
}
end:
printf("\n");
return err;
format_bytes(stdout, 0, 0, "der ", name, namelen);
x509_name_print(stdout, 0, 0, "Name", name, namelen);
return 0;
}
static int test_x509_public_key_info(void)
{
int err = 0;
SM2_KEY key;
X509_PUBLIC_KEY_INFO pkey_info;
SM2_KEY sm2_key;
SM2_KEY pub_key;
uint8_t buf[256];
const uint8_t *cp = buf;
uint8_t *p = buf;
size_t len = 0;
const uint8_t *d;
size_t dlen;
printf("%s\n", __FUNCTION__);
sm2_keygen(&key);
x509_public_key_info_set_sm2(&pkey_info, &key);
if (x509_public_key_info_to_der(&pkey_info, &p, &len) != 1) {
if (sm2_key_generate(&sm2_key) != 1
|| x509_public_key_info_to_der(&sm2_key, &p, &len) != 1
|| asn1_sequence_from_der(&d, &dlen, &cp, &len) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
return -1;
return 1;
}
print_der(buf, len);
printf("\n");
if (x509_public_key_info_from_der(&pkey_info, &cp, &len) != 1
|| len > 0) {
x509_public_key_info_print(stdout, 0, 0, "PublicKeyInfo", d, dlen);
if (sm2_key_generate(&sm2_key) != 1
|| x509_public_key_info_to_der(&sm2_key, &p, &len) != 1
|| x509_public_key_info_from_der(&pub_key, &cp, &len) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
return -1;
return 1;
}
sm2_public_key_print(stdout, 0, 8, "ECPublicKey", &pub_key);
x509_public_key_info_print(stdout, &pkey_info, 0, 0);
printf("\n");
return err;
printf("%s() ok\n", __FUNCTION__);
return 0;
}
static int test_x509_certificate(void)
static int set_x509_name(uint8_t *name, size_t *namelen, size_t maxlen)
{
int err = 0;
X509_CERTIFICATE _cert, *cert = &_cert;
int rv;
int version = X509_version_v3;
uint8_t sn[12];
X509_NAME issuer;
X509_NAME subject;
time_t not_before;
*namelen = 0;
if (x509_name_add_country_name(name, namelen, maxlen, "CN") != 1
|| x509_name_add_locality_name(name, namelen, maxlen, ASN1_TAG_PrintableString, (uint8_t *)"Haidian", strlen("Haidian")) != 1
|| x509_name_add_state_or_province_name(name, namelen, maxlen, ASN1_TAG_PrintableString, (uint8_t *)"Beijing", strlen("Beijing")) != 1
|| x509_name_add_organization_name(name, namelen, maxlen, ASN1_TAG_PrintableString, (uint8_t *)"PKU", strlen("PKU")) != 1
|| x509_name_add_organizational_unit_name(name, namelen, maxlen, ASN1_TAG_PrintableString, (uint8_t *)"CS", strlen("CS")) != 1
|| x509_name_add_common_name(name, namelen, maxlen, ASN1_TAG_PrintableString, (uint8_t *)"CA", strlen("CA")) != 1) {
error_print();
return -1;
}
return 1;
}
SM2_KEY key;
uint8_t buf[2048] = {0};
static int test_x509_tbs_cert(void)
{
uint8_t serial[20] = { 0x01, 0x00 };
size_t serial_len;
uint8_t issuer[256];
size_t issuer_len = 0;
time_t not_before, not_after;
uint8_t subject[256];
size_t subject_len = 0;
SM2_KEY sm2_key;
uint8_t buf[1024] = {0};
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
const uint8_t *d;
size_t dlen;
printf("%s\n", __FUNCTION__);
memset(cert, 0, sizeof(X509_CERTIFICATE));
rand_bytes(sn, sizeof(sn));
memset(&issuer, 0, sizeof(X509_NAME));
// add_rdn 应该用一个ex来支持长度
x509_name_add_rdn(&issuer, OID_at_countryName, ASN1_TAG_PrintableString, "CN");
x509_name_add_rdn(&issuer, OID_at_stateOrProvinceName, ASN1_TAG_PrintableString, "Beijing");
x509_name_add_rdn(&issuer, OID_at_organizationName, ASN1_TAG_PrintableString, "PKU");
x509_name_add_rdn(&issuer, OID_at_organizationalUnitName, ASN1_TAG_PrintableString, "CS");
x509_name_add_rdn(&issuer, OID_at_commonName, ASN1_TAG_PrintableString, "CA");
memset(&subject, 0, sizeof(X509_NAME));
x509_name_add_rdn(&subject, OID_at_countryName, ASN1_TAG_PrintableString, "CN");
x509_name_add_rdn(&subject, OID_at_stateOrProvinceName, ASN1_TAG_PrintableString, "Beijing");
x509_name_add_rdn(&subject, OID_at_organizationName, ASN1_TAG_PrintableString, "PKU");
x509_name_add_rdn(&subject, OID_at_organizationalUnitName, ASN1_TAG_PrintableString, "CS");
x509_name_add_rdn(&subject, OID_at_commonName, ASN1_TAG_PrintableString, "infosec");
set_x509_name(issuer, &issuer_len, sizeof(issuer));
time(&not_before);
x509_validity_add_days(&not_after, not_before, 365);
set_x509_name(subject, &subject_len, sizeof(subject));
sm2_key_generate(&sm2_key);
rv = x509_certificate_set_version(cert, version);
rv = x509_certificate_set_serial_number(cert, sn, sizeof(sn));
rv = x509_certificate_set_signature_algor(cert, OID_sm2sign_with_sm3); // 这个不是应该在设置公钥的时候一起设置吗?
rv = x509_certificate_set_issuer(cert, &issuer);
rv = x509_certificate_set_subject(cert, &subject);
rv = x509_certificate_set_validity(cert, not_before, 365);
if (x509_tbs_cert_to_der(
X509_version_v3,
serial, sizeof(serial),
OID_sm2sign_with_sm3,
issuer, issuer_len,
not_before, not_after,
subject, subject_len,
&sm2_key,
NULL, 0,
NULL, 0,
NULL, 0,
&p, &len) != 1) {
error_print();
return -1;
}
format_bytes(stderr, 0, 0, "tbs_cert", buf, len);
if (asn1_sequence_from_der(&d, &dlen, &cp, &len) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
return -1;
}
x509_tbs_cert_print(stderr, 0, 4, "TBSCertificate", d, dlen);
sm2_keygen(&key);
rv = x509_certificate_set_subject_public_key_info_sm2(cert, &key);
return 0;
}
static int test_x509_cert_get(const uint8_t *cert, size_t certlen)
{
const uint8_t *serial;
size_t serial_len;
const uint8_t *issuer;
size_t issuer_len;
const uint8_t *subject;
size_t subject_len;
SM2_KEY public_key;
if (x509_cert_get_issuer_and_serial_number(cert, certlen, &issuer, &issuer_len, &serial, &serial_len) != 1
|| x509_cert_get_subject(cert, certlen, &subject, &subject_len) != 1
|| x509_cert_get_subject_public_key(cert, certlen, &public_key) != 1) {
error_print();
return -1;
}
format_bytes(stderr, 0, 4, "SerialNumber", serial, serial_len);
x509_name_print(stderr, 0, 4, "Issuer", issuer, issuer_len);
x509_name_print(stderr, 0, 4, "Subject", subject, subject_len);
sm2_public_key_print(stderr, 0, 4, "SubjectPublicKey", &public_key);
return 0;
}
static int test_x509_cert(void)
{
uint8_t serial[20] = { 0x01, 0x00 };
size_t serial_len;
uint8_t issuer[256];
size_t issuer_len = 0;
time_t not_before, not_after;
uint8_t subject[256];
size_t subject_len = 0;
SM2_KEY sm2_key;
uint8_t cert[1024] = {0};
uint8_t *p = cert;
const uint8_t *cp = cert;
size_t certlen = 0;
set_x509_name(issuer, &issuer_len, sizeof(issuer));
time(&not_before);
x509_validity_add_days(&not_after, not_before, 365);
set_x509_name(subject, &subject_len, sizeof(subject));
sm2_key_generate(&sm2_key);
if (x509_cert_sign(
cert, &certlen, sizeof(cert),
X509_version_v3,
serial, sizeof(serial),
OID_sm2sign_with_sm3,
issuer, issuer_len,
not_before, not_after,
subject, subject_len,
&sm2_key,
NULL, 0,
NULL, 0,
NULL, 0,
&sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID)) != 1) {
error_print();
return -1;
}
format_bytes(stderr, 0, 4, "cert", cert, certlen);
x509_cert_print(stderr, 0, 4, "Certificate", cert, certlen);
if (x509_cert_verify(cert, certlen, &sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID)) != 1) {
error_print();
return -1;
}
printf("x509_cert_verify() success\n");
test_x509_cert_get(cert, certlen);
rv = x509_certificate_generate_subject_key_identifier(cert, 1);
FILE *fp;
if (!(fp = fopen("cert.pem", "w"))) {
error_print();
return -1;
}
x509_cert_to_pem(cert, certlen, fp);
x509_cert_to_pem(cert, certlen, stderr);
fclose(fp);
rv = x509_certificate_sign_sm2(cert, &key);
if (!(fp = fopen("cert.pem", "r"))) {
error_print();
return -1;
}
rv = x509_certificate_to_der(cert, &p, &len);
print_der(buf, len);
printf("\n");
memset(cert, 0, sizeof(X509_CERTIFICATE));
x509_certificate_from_der(cert, &cp, &len);
x509_certificate_print(stdout, cert, 0, 0);
memset(cert, 0, sizeof(cert));
if (x509_cert_from_pem(cert, &certlen, sizeof(cert), fp) != 1) {
error_print();
return -1;
}
x509_cert_print(stderr, 0, 4, "Certificate", cert, certlen);
return 0;
}
static int test_x509_cert_request(void)
{
int err = 0;
X509_CERT_REQUEST req;
X509_NAME subject;
SM2_KEY keypair;
uint8_t buf[256];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
printf("%s : \n", __func__);
memset(&subject, 0, sizeof(X509_NAME));
x509_name_add_rdn(&subject, OID_at_countryName, ASN1_TAG_PrintableString, "CN");
x509_name_add_rdn(&subject, OID_at_stateOrProvinceName, ASN1_TAG_PrintableString, "Beijing");
x509_name_add_rdn(&subject, OID_at_organizationName, ASN1_TAG_PrintableString, "PKU");
x509_name_add_rdn(&subject, OID_at_organizationalUnitName, ASN1_TAG_PrintableString, "CS");
x509_name_add_rdn(&subject, OID_at_commonName, ASN1_TAG_PrintableString, "infosec");
sm2_keygen(&keypair);
if (x509_cert_request_set_sm2(&req, &subject, &keypair) != 1
|| x509_cert_request_sign_sm2(&req, &keypair) != 1
|| x509_cert_request_to_der(&req, &p, &len) != 1) {
error_print();
err++;
goto end;
}
print_der(buf, len);
printf("\n");
memset(&req, 0, sizeof(req));
if (x509_cert_request_from_der(&req, &cp, &len) != 1) {
error_print();
err++;
goto end;
}
x509_cert_request_print(stdout, &req, 0, 0);
end:
return err;
return 0;
}
#endif
int main(void)
{
int err = 0;
//err += test_x509_validity();
//err += test_x509_signature_algor(OID_sm2sign_with_sm3);
//err += test_x509_signature_algor(OID_rsasign_with_sm3);
//err += test_x509_name();
//err += test_x509_public_key_info();
//err += test_x509_certificate();
// err += test_x509_version();
// err += test_x509_validity();
// err += test_x509_attr_type_and_value();
// err += test_x509_rdn();
// err += test_x509_name();
// err += test_x509_public_key_info();
// err += test_x509_tbs_cert();
err += test_x509_cert();
//err += test_x509_cert_request();
//test_x509_extensions();
return 1;
return err;
}