diff options
| author | Jo-Philipp Wich <jow@openwrt.org> | 2014-12-03 15:17:05 +0100 |
|---|---|---|
| committer | Jo-Philipp Wich <jow@openwrt.org> | 2015-01-08 16:26:20 +0100 |
| commit | 1bb4822dca6113f73e3bc89e2acf15935e6f8e92 (patch) | |
| tree | 35e16f100466e4e00657199b38bb3d87d52bf73f /libs/nixio/axTLS/ssl/test | |
| parent | 9edd0e46c3f880727738ce8ca6ff1c8b85f99ef4 (diff) | |
Rework LuCI build system
* Rename subdirectories to their repective OpenWrt package names
* Make each LuCI module its own standalone package
* Deploy a shared luci.mk which is used by each module Makefile
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'libs/nixio/axTLS/ssl/test')
58 files changed, 0 insertions, 5304 deletions
diff --git a/libs/nixio/axTLS/ssl/test/Makefile b/libs/nixio/axTLS/ssl/test/Makefile deleted file mode 100644 index 56c711f19..000000000 --- a/libs/nixio/axTLS/ssl/test/Makefile +++ /dev/null @@ -1,97 +0,0 @@ -# -# Copyright (c) 2007, Cameron Rich -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the axTLS project nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -all: - -AXTLS_HOME=../.. - -include $(AXTLS_HOME)/config/.config -include $(AXTLS_HOME)/config/makefile.conf - -ifdef CONFIG_PERFORMANCE_TESTING -all: performance -endif - -ifdef CONFIG_SSL_TEST -all: ssltesting -endif - -include $(AXTLS_HOME)/config/makefile.post - -ifndef CONFIG_PLATFORM_WIN32 -performance: $(AXTLS_HOME)/$(STAGE)/perf_bigint -ssltesting: $(AXTLS_HOME)/$(STAGE)/ssltest -LIBS=$(AXTLS_HOME)/$(STAGE) - -$(AXTLS_HOME)/$(STAGE)/perf_bigint: perf_bigint.o $(LIBS)/libaxtls.a - $(CC) $(LDFLAGS) -o $@ $^ -L $(LIBS) -laxtls - -$(AXTLS_HOME)/$(STAGE)/ssltest: ssltest.o $(LIBS)/libaxtls.a - $(CC) $(LDFLAGS) -o $@ $^ -lpthread -L $(LIBS) -laxtls -else -performance: $(AXTLS_HOME)/$(STAGE)/perf_bigint.exe -ssltesting: $(AXTLS_HOME)/$(STAGE)/ssltest.exe - -CRYPTO_PATH="$(AXTLS_INCLUDE)crypto\\" -AXTLS_SSL_PATH="$(AXTLS_INCLUDE)ssl\\" - -CRYPTO_OBJ=\ - $(CRYPTO_PATH)aes.obj \ - $(CRYPTO_PATH)bigint.obj \ - $(CRYPTO_PATH)crypto_misc.obj \ - $(CRYPTO_PATH)hmac.obj \ - $(CRYPTO_PATH)md2.obj \ - $(CRYPTO_PATH)md5.obj \ - $(CRYPTO_PATH)rc4.obj \ - $(CRYPTO_PATH)rsa.obj \ - $(CRYPTO_PATH)sha1.obj - -OBJ=\ - $(AXTLS_SSL_PATH)asn1.obj \ - $(AXTLS_SSL_PATH)gen_cert.obj \ - $(AXTLS_SSL_PATH)loader.obj \ - $(AXTLS_SSL_PATH)openssl.obj \ - $(AXTLS_SSL_PATH)os_port.obj \ - $(AXTLS_SSL_PATH)p12.obj \ - $(AXTLS_SSL_PATH)x509.obj \ - $(AXTLS_SSL_PATH)tls1.obj \ - $(AXTLS_SSL_PATH)tls1_svr.obj \ - $(AXTLS_SSL_PATH)tls1_clnt.obj - -$(AXTLS_HOME)/$(STAGE)/perf_bigint.exe: perf_bigint.obj - $(LD) $(LDFLAGS) /out:$@ $? $(CRYPTO_OBJ) $(OBJ) - -$(AXTLS_HOME)/$(STAGE)/ssltest.exe: ssltest.obj - $(LD) $(LDFLAGS) /out:$@ $? $(CRYPTO_OBJ) $(OBJ) -endif - -clean:: - -@rm -f $(AXTLS_HOME)/$(STAGE)/perf_bigint* $(AXTLS_HOME)/$(STAGE)/ssltest* - diff --git a/libs/nixio/axTLS/ssl/test/axTLS.ca_key.pem b/libs/nixio/axTLS/ssl/test/axTLS.ca_key.pem deleted file mode 100644 index 7c8ac8af2..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.ca_key.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj -Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m -n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB -AoGAd4Ia5SxYiBU9A0BYyT8yPUm8sYELIaAL4YYk+F6Xwhh/Whnb8MyzquzaGFP4 -Ee30jYYNHlvX5VheDDtvy8OTN5FgKNNdzvW15iA4Hxje04ZI7W87G7OIxm7aYRid -sG4XqZBtsOdj33IRd9hgozywGJ2qRqS6nn2KxRv1w07RniECQQDZAlKxijdn+vQ7 -8/8mXzC+FwQtzeTUCuLrBJcos9I/591ABoxYkWcYLxpFqgCEVwb1qfPBJkL07JPt -Fu6CTnBFAkEAxXmUBs47x5QM99qyBO5UwW0Ksrm/WD4guaaxzQShMt/HzgJl613z -/x4FtxiQJHAr6r2K0t5xTJx89LVKuouYYwJAImue6DAvJ5wDfzrtXo28snn+HLHK -uONdKL/apgcXszE4w74GJsoxWwGlniUf3d3b6b1iP2GtPyIDOJjpjduZLQJAE4jS -VtYB3d1MZxxQLeKxqayyuTlcr0r+C79sqT5C//hZGIzuLhlOMLd0k0cvwxsBjSgQ -2ok8pfp49fAVI1z5xwJAVmJgLc/mSti5A2q3c8HW8qvMJEDPWbpb7p8pg4ePtpa8 -EE3TO4O4J2H+k40C397km4yZXdkNQsiT1zVljJZpiw== ------END RSA PRIVATE KEY----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.ca_x509.cer b/libs/nixio/axTLS/ssl/test/axTLS.ca_x509.cer Binary files differdeleted file mode 100644 index 9c9936b8e..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.ca_x509.cer +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.ca_x509.pem b/libs/nixio/axTLS/ssl/test/axTLS.ca_x509.pem deleted file mode 100644 index 86f659710..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.ca_x509.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB3zCCAUgCCQCdbnM4pjqlWjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh -eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2 -MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl -Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA -A4GNADCBiQKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj -Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m -n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB -MA0GCSqGSIb3DQEBBQUAA4GBAB0LgNo0oCcwIie5plgwwFybQ8x95q6e3wndM/Mp -3gjcAFbGuchpo3dfFlTcRI0KyERb3q1MVxPM4sff9nT7EdHVyK9s8/ITkP2dcTKc -flbcTEfJVIeM8L2P5F41Hvn9GuGcMW8EmsC06gdbp1LLnqsdrXdMNBsAUBXfgPrU -+UcZ ------END CERTIFICATE----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.device_key b/libs/nixio/axTLS/ssl/test/axTLS.device_key Binary files differdeleted file mode 100644 index 4e981d143..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.device_key +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.device_key.pem b/libs/nixio/axTLS/ssl/test/axTLS.device_key.pem deleted file mode 100644 index 2bcf5e37b..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.device_key.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDUIg4NEiu/diDAlbsWbTAhMKw4iBf2X5ohGJdTO6vhGQdEkhBR -Bgzdl9+0LbVDJY8YStUghwnuztT+IpNCrUtXtRK8Cn3QP+buzSe2ZGPVoEJIbvV/ -QudK/WuUDyTNSRTtW4S3RO36KqtbT6xh1QGTXV3I8sp7qwmcysklqZW8GwIDAQAB -AoGBAKBEDkuPw9+Ftp7pQIxj963LoQGgyEHJ3p9Mfd9TQLrydsw2cf9Uy9mKiWcN -9VkCgkZ/Gt/VRgrW1pIduxXv6O+8S14An+2mTayy3Ga1N6MulD7OHQP9kqR4j8TT -xaYPR/1skjhQ+Y0Uw4NEa3OkQp6lAUEp1aVX/mTfIZBguaUxAkEA/H543Ha6wbUV -iB+pHaBgj1nzarmuEey6kqqs7X0zoZory1X6bdpJ6l0/4qICa6aq+pt/7ywJCNoI -CPK3mL2zGQJBANcUHRBe7/HRWrJNIqB2WDA/gJshq4xOAiIBXWk1wpabvpkCnUjQ -rip5CAL3hXDnCQswZxRN/v7B4IlSxkKiY1MCQQCsL0MUdRMejfLFBXI6defjWiAZ -I86FAr6oziNnQP44sf4zh8pjp3zIihbK4lhsORhYFjrES29NzgG0uHBjhNnhAj97 -gBEwVVNyh8SMnb5EZbA+BDjU24CmECUpYZ9Bypzx3nyTX+zw4uMfgGAZVAhLzF5l -DmYiQqcpoipMsDsoCBcCQQCxBYSicXIPG8G6ZuFbgXFcZR7llgq74mbhfGuVEGbP -qS6ldhJb/IG9O3MFlRwdU44YyJ8QGpBKWF94OpIduF6w ------END RSA PRIVATE KEY----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.encrypted.p8 b/libs/nixio/axTLS/ssl/test/axTLS.encrypted.p8 Binary files differdeleted file mode 100644 index 8b0a7eb41..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.encrypted.p8 +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.encrypted_pem.p8 b/libs/nixio/axTLS/ssl/test/axTLS.encrypted_pem.p8 deleted file mode 100644 index 19ca3c5ea..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.encrypted_pem.p8 +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIBfTAcBgoqhkiG9w0BDAEBMA4ECN+YmhCv0ILdAgIIAASCAVu0QEfMkp0xUsNq -0Ek4Nsa/uxcs8N/2P7Ae7qCakkvsdRvvPPH0y+wuj5NgrG6WpPeeEx9fI2oNNTfC -pwncH0Xm99ofVrgMX6XC45LDZtzXNSZd4TdBP6xvlYXbuGegp5GPJ8emzscHCFhC -JfPHemRAcB7DhiWukPosuSUr5R8OluEMJrQLHuQtlDAvMjLEI98lSchPxF8LKCk3 -SS2uCcmc+4WiR0nHG9BOaGi38+PytHAnbfo1mfVSQzLfgLicMAVGysfQ9QOgpQOO -ygYfM/s7Duwbl0rshyXVJP+7BpYJnPtHvO4BTiizU7ZEr4WBiEnnANDrupSdsxeH -+cxZo70YJVdoPdgMd2ke6EIkUhp7HughFg+okldlEtJA4muKeEzwAxZu0TqxOtZ8 -UYRS4Ygk+rN7Y0qTKSYwSkrFBwUDkpctYjRUOeAZ/mYMKWmMn1ejAb5Is7bjEIxl -tw== ------END ENCRYPTED PRIVATE KEY----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.key_1024 b/libs/nixio/axTLS/ssl/test/axTLS.key_1024 Binary files differdeleted file mode 100644 index 5b6ba1d03..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.key_1024 +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.key_1024.pem b/libs/nixio/axTLS/ssl/test/axTLS.key_1024.pem deleted file mode 100644 index 4f5ad4ece..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.key_1024.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDY4L8V3uqv6NX9C6ios9dGXacmbAy12bzG+MB40PZWZfgpSA57 -C6Ylfuh7eW845bW39OCckWD0BvNAHvmRGakvR0O1mx7c9qocSXkhKMuqSXPZCQVM -AvJMTWwcgKcUkUT8ErPh5+NPRLqMw3Q56EzQ1EwkYbRAlYzACrcCOTGFkwIDAQAB -AoGBAJQHcuW+rXk79zMsjgX4GmvQ6JH1FgfZglxc1SKhnkICf4vNvvSFUvYs1QnS -LPQs9geFgPnc0Mw/IjEV80nyteJpmQQESSHbn6FUWvrk2fkHBf+aZaTr8kfOVsdy -SUhc6BTXjyXMSSkGalR7F9ye1FPw9Z6FJaHrPekvuZz24YCBAkEA7gJ4x3iFBJfM -Nr3WEeLHOdk0UXJvig/NiDIzm8enA3fZgjW23R/CwRNAg1XrYOuBjgwWYrS0POsI -gJx50zjK8QJBAOlFXy4WzJNQQLZ5vDjgVmhQ0y9zjIwqDoFKirvM8GQ0Rp8HfSK2 -+UasVyOMHuvTBU2og2pn9qaxq47B7+998MMCQC/GWT4Y6AJzAe/fDTBL6BepjMHo -iZEZ+PSktw1G9zRQA14KsCkUrgAZgDKctYGf5EKCFKA9i4xK1UsTnbSTStECQGSM -g3dhWnMRP6OoG4rEoFo8pJsqimWMZ04xrFVBBEmdAuffmX/SMObWuITZDCcIgZu0 -zFicUYQOx200iVDJD3MCQQDa3l4arB0d17llJgD11OQohIYvAJxBAFLhR5HAUgVO -Dy8Nyps9iUG/7p+h5p2k60V/48ukawrifrCHXECxUREd ------END RSA PRIVATE KEY----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.key_2048 b/libs/nixio/axTLS/ssl/test/axTLS.key_2048 Binary files differdeleted file mode 100644 index 0af642de2..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.key_2048 +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.key_2048.pem b/libs/nixio/axTLS/ssl/test/axTLS.key_2048.pem deleted file mode 100644 index beddb721b..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.key_2048.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAwqC/2/rPcAZEs5/ejT3ZL8Q3Pfdna2WC44i6HYCnCnbOIcW+ -6Xub2IXGwRwQBFy+mRE9WjqJ8kuOEkSt6e+8wAhLdag7WXJ6cxoag110t5FEHSyd -GfvFFyUNjMJhLd+EmaQTTpEv9MJPJj0Zdruh1EjyRxa4HJmiD9t7XmWyCfSmM0qM -kgJ0J6s62rRMBX+l/NEEX2VzJugdZAU671RWYOncuxX/2jUYlvIqI1l3SP8acMU5 -BtfLsYMj08lNHOjgZCPRwkdjsl6U5EqIizKZygw1FNugVEDHnL2MAYXwqzX3pGr/ -72Biy+J4TSH6lt0stszS5m8BirMgYr2FFHslrQIDAQABAoIBAQDBTa0gzEupJOCp -UvhUagBDO+vuBMJX3XuRh6PqV3QQpYz36BJEjXttIvkTpU6XNpIrLv8zlX6bAsW5 -iTL+bRiX1eU0l4FSxqutlFiO7oxVIdd37m6edvv6j9eUXR7t09k8S8TNPNBXlYHN -JdQbpCIH2OehCYSVC1X1z/UI/ZJF5VSn7UsYgwReK102svfHtll85K0TgHMir9Rx -Dlh0vYx3IJi2nDOTyJ4JekkyEAcYd3D6JUd0JujcN3Ev3EOsns5GXzN6KYvinmYf -Z1bA/HEMNb9ZS9bdsoAvyeJAeGp8ejzuJVHGL0kATgrAamb58fPS+A8Guk5eN5KY -5zvzNrJVAoGBAPVWvPrDOJX2ZI7poJ269xFteTWWIYA+r+YRRkhMBMcD08H5gs6e -QMWU9w8qjgSmbNkx8skkhn/gV5R3CbVYYRR2osrZIoOayWAsJmY0bHFTIvooYhfp -3lPVNIPzUpRObFksamtrsK+zpx5qOdigNhComXLsGWKfrN9Yvkb7YzIDAoGBAMsV -4UVH9WH0IKV1vx3QtrGEb69SZMpbmM8ZsPvaPgq00In9udY4w5V2ZygfTiq0ChUY -fYy6BeO6Gyp2DSABdz1AUH+0wcnNrHJghFtxtsq4Thu4MHU6ftc+JCGfSeWUapfh -KiHS0TEguRFcYSHnM1IDEiU4aTHY59FRUWMI2hKPAoGAIVfviTk9GIyLMC0qaiV9 -7L1vKsxDs1VRvLf+UFcckxu/DO7nS0OQ1Amh5krHUHR5+K7kK1gue3S3EnN3O1FO -qGRTTbRjD3XbBpoZgeyADIrbBxqz8kITuFsSrxhD0eoyqY/yyrSxJ8AH54dSY1Gq -52qyqD7UWGYRLa229pi165cCgYAd7/rGWMY+i1toqMPkpEjaQFiqcq3y+q+7D+F8 -Lv7oWyFGxkVn4/RJCyxHyN2gA+xckcCoRx/pIx0wFDj5F945BEsZmE7c7dnW/o1k -YY39sk+pXGygS2A5YKq43h9pnYhdHU81rzsxT86YVZLoCYoSM+uv2vH+7Ce4PpGN -1Nc41wKBgDUrYyfDB1RzdB63FwPRax5uLjewnuMXyZhy70ZkiGh0XBuQt2aCLeCZ -HpAyGcJryxdDFYA+UwJoSWjaW9ku0lp+GxX1F+cResrRHTi70w9czwGVaKmcG3kI -fFjG7w8nkiw5J7IRH7SxmNbmAv8L0Iy6jvoWLFB+EdUGWllkjCmJ ------END RSA PRIVATE KEY----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.key_4096 b/libs/nixio/axTLS/ssl/test/axTLS.key_4096 Binary files differdeleted file mode 100644 index c205382ab..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.key_4096 +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.key_4096.pem b/libs/nixio/axTLS/ssl/test/axTLS.key_4096.pem deleted file mode 100644 index 9929467f4..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.key_4096.pem +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEA/Ce0mV0qytAwDPrjXRBlUh2gdKs2thDw3N18owXVrSUFq9Sw -AaMNrmep9DR9MEALcdMm3GCEJ7sOOiEQcqTz25di36WJDe+jo1z5nD2XZsPIsp9+ -k51Vz+W3B4vsXJAgzV+XZbmv9L0598VEwkpeI3Uc9et8ZhGvDPoHZyBQG1KAj6h3 -AKZ1+NthrhajxlrndQZ5Du/R5DSUQOBcCHHdzZgihdfF97Yn/kp1mele1ElZMlqg -BtpDi1TEQJ9XBtjCW0epFAm5THQ3gMx5DCcqB/cNYdZWqpZ0AuwATm61+46m4fFK -g3YAYPOi/74aKFuIQBw/lc8W//SV1x8SL/hf2XIdvSa9QhroNN0d3Xu2EUQzXZxo -PRMKzOqKfwlZW7ozT6hFBwPMh8yfhoPugq2TvqBjke1s3gmvwTgEcf+gY97qXiZC -X5bh/ehmnZ7vIblYFUD2yMlsKaXGJYweh3WKJlQnh71wQUg2Mxa6ig8ijrEozNlw -YfPCQFrNLqQfJOwdx90dy7hpUyUn1wo39p6wmC6n9ex4zeKbO4ndSp+/AJ+d5Qp8 -zoMzwneYV9LBQG8ry4uwzDkSWKb/WghsEbQ9O3sGIuI13SlT/B64v3bLb5AHagI8 -zS3kPsshjKhkcc2W9MKRBU2wIeCsNS052kaUq3rPMSBROrALmLk3en/Dq48CAwEA -AQKCAgEArPMy7So5Cqjm/FAtGI0BYeRORReWTCSsgGEudsauu7a0ABq+qjDDVodl -y8kgwLJ85xKUCf3tRy8G4BoDpQ688DYSrCFnMvbWP1urHV4ldWf+RX4eHHODAzil -ZHi1ovt8dEEHn89P/8a2dtqIgdbuYNWYCpj9Vyjz7yujXjmMmGDrKx26meiS7CDV -C8odhRSewuawq+0UArmJokIA/g3Tu4uIylKoR3JaVhGOPgYSc/rnQiFkt66HO47l -mQlxcJHGJUOulb7hqK3hz+bvc8V9D7+FH0EbaqANbF+hCirniWZb0odku2x5cAZM -G6uxV1MIzihR+Jf1R5PkHowCNoLegfM45tnuadP1+8Kezv1SsqkrkMEwfb0QN19C -2+bmnwYXagUgg/A2q2Shg9h4/3cpwdrDzGHD8IttGlzLR8HnlHkcAK3qRNqy9h60 -JDEW/tOurUSZBXjU9ZyoZSukcK3+yUjCDWS92wMOBlUQGh4/HCOOizahe6lhn2nT -+jkBvl38c+7GBKR0VyCisFi++FukMBbyU/hNNFByZxOj0b/+YVYI0qwM5oDzLhJH -69/VhxMx0xVt9/kOOO3yhdGjKCZztPZZm5mg2OzzXmf4im+hPSg0/OrdXrVNk4v/ -w7ouUQHSa3+rAAu8BJFF2rTWA7rjecVEnk6c77I6dEVYXdCfz8kCggEBAP+IJLHo -7Cs51qPcRKQc633phJa3pFGf6O8xN6pl8z1ZQX0voZyROKJLTytSH+zmPdmggUeg -7CRoV8BKY49YiOxO2Kx8BPfftItS9yvA3O9ztcdzQa72nYusMWwvj0yFU8DbYfnx -yYw59F/1pdPKFN83Sj4MJAOb4nAxBP1GiZvsPAgcTpf/197NLNHwUDdk/TXDtTLa -lx4uTn/SJDQuvsCCLBKyx7FdN5NPRN2kIKUWZLd7HRu2EhcSlATwf4TUPZz7atKN -2FD0svErpPOAspNPtnNj3RgeunGVqS2oi/XueuveNNCYLkcV8/UaZm85LBrPoEre -23qK9/ZN0SD534sCggEBAPyd+nD71pScrM0TI4Lc3jMNUKeZj3sT5rlhlkWlARhQ -WPEWYYg5vs3zDiRpG4Xy3n9ey+M6Tuw+/XpcJZxhrLYFOqparxXPP4qc+3EvtzpF -OskLR/2/bVnESf6+pQspmwW6G4IJ9vOmIJeUj9zeU0txuxKkjhAmInCnMxJOlYRm -xeLymuo5LZxrXmSXcX4cyZ0/4bF2L3IE5vH7ffdWXWYzW9wP7M4sFp+0iKjHuhC1 -gB6Qg0Mp0TVNUt0ZEelFLEJdA2lbbZ5yHhNXuhOxW/l3ASSe9tjTpy7yBSwBOpFG -l7QGISfJVEFfjyn7yWBYj5LDGnitlP4TtN8zyy6cJI0CggEAPRwY8ncqq7e8Thmq -TLkh1E3ZSJYIdQDSGwnhLx4MirpiwAZ5FtFgAugRueF9AxGY7wfEgxXIA3j0q2be -4nQg4qqEhNNv+LuGGN+xfsQz0gwRB+7XYXlW+gUnGKFTGtCz0+ZjSvv44FEn0R8V -Fk44qZ02YxpSLo7EG2KNt+h7lk9rl+D1JsKnpH/a3SYkeOrs50OzfMLr6urWGRlv -UQ9wzOcUlTAuM4uAc/k8FelfaTuuwHZv4qWrM9tcjMXbKS/8wCMcS9hiSBINDUIL -w7QegL5KetQCFveaTPmmqOWq+xiaSvgsF0qdnqBwZEh5ANZiZtMKmX0sbeT4Ie5A -OiunuwKCAQBlSlrvDqu9rwzCtdfZUwJtaftbGIGlkhdDYdPFXSIRQ7ZGBPlai/zr -y3dyNgrpLLb2T2ZlWC3pIGC2vVf/WlLMMVCSmgX2MsGBrOxNOBq57KRjlHhrUGRi -SAh7cqnuzeHw6+y3uZMhow0Semks4KB5ccLW+NBVvVS14vThdE0TZ7oVA74GCKM3 -Qv34S5kgPh7BRKoUZBUmHL0VbgfWMvUEU7eTh3cmPBteMh9RvbPnmz8iAkP/nDbc -roJ5UOITrL7QZUdG6XgMvik9DEH6P3Vnk8YLjwnfaw5wDm7wdBWtxqZxcru8nkeA -ZvaamPDoBtqauExW8xL4xaISlUv1BnrJAoIBAQCiEZk93GeRzYJFCO1YafsGYueX -Pffgd9wM2TpObgaEw8OIfEpGQKDiR35fb0uVzNyI5fVU5D5tP0b3LfvtQXV12ryQ -sVTA5YJcb8mRuUGy/AkjL54kNiZthUnlGHQjY3lqSyI1r5WxRIZBBRn5+g1eSZVq -CYCGjEryKm7vw8Qcvy1+H2crcZ0rRyLTcfFCr1ZXlyEZu48ScOtxcIDHc7j4J0LO -Peq2z0tbBojGkxFLX94J7zpRkWMPX9VHorEavDv7ZJwtgoXn3Lom0xHhO+JQaxY9 -FtJ79Ps9+SquXAnkhna4bbkrqrPM3+MAAV/S7bd1T1/8d4YiRQyaMHGS4Yr8 ------END RSA PRIVATE KEY----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.key_512 b/libs/nixio/axTLS/ssl/test/axTLS.key_512 Binary files differdeleted file mode 100644 index 7ae50f23b..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.key_512 +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.key_512.pem b/libs/nixio/axTLS/ssl/test/axTLS.key_512.pem deleted file mode 100644 index 1e2fb41f8..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.key_512.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIBPQIBAAJBANE7MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOw -cPygat7sQYiE/lQVa2HFFmK4k0HxTz3/Lr0CAwEAAQJBAJF5xO2ONajX3GK2+B8W -VVO+BYNK71DfranJCX46BxXI/Ra7wOSY0UWZYHVsZGWJxx41os0UBTg5FRq4DwWW -AQECIQDo69eo39iQqjwhpAQxatMh2CWYT7gokyu56V+5o2V3fQIhAOX2b+tQxDsB -w0J9UDN6CdwI5XbzveoP5fHTPS9j4rhBAiEA3c+y6Zx6dZHYf8TdRV5QwDtB2iGY -4/L7Qimvwm6Lc1UCIQDDXWrVsocTTjsReJ6zLOHFcjVnqklU2W7T1E8tvKE3QQIh -AMRpCFM7MrS2axuc8/HzGkqW/3AlIBqdZbilj5zHd2R0 ------END RSA PRIVATE KEY----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.key_aes128.pem b/libs/nixio/axTLS/ssl/test/axTLS.key_aes128.pem deleted file mode 100644 index 8961bd9a5..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.key_aes128.pem +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,B3A0D2BCEF4DE916D0BBA30A6885251B - -v8y74AGReaPLmDt6O8wir6hX1Ze8K4fVNkrLqfDMdW5E7jBXKO8riCMNmSjQ9fyh -eTicej93+8krcIvSXKW18TdO+EWezQevgnLrAZQWaNPH2j4B+K5gm701uiiKFKVa -1zngAOByePYlN6z4JLbiCyJRhxSo5zCaUYkKC2eGh8mlE64QmokPSCAj0wcCDzGh -hdhBg1vm0GmaQwIDVn+8zMfahscXVMtBmyQf5YP4PQW2nqOt7aZHjBNdg9qnBpGw -b6YuY7eZ4FgQvYcsNCi34NroJb9pkTrrF2F9Meb6+3So7jtMFG/YaJdCuXtf01g/ -Qm+XA5pJUtIUr/hLQjhkaOVUtXv/k0o/MR4k5CbAmboLt6YHf5V8+01vk0bvv5dI -70pVdXMmx26xDZOGmjYzd93PWc+75jak3GN2fbWryQs= ------END RSA PRIVATE KEY----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.key_aes256.pem b/libs/nixio/axTLS/ssl/test/axTLS.key_aes256.pem deleted file mode 100644 index 7671a302f..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.key_aes256.pem +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,F076229CDC2BCB3B8722E3865855B45C - -WFV9QWzr4tNmD+1OeQ7BceQg5LVQHp20Jo1Ax29lq8JTPzeObhtaU2MUHlcPKHUS -vK4FyQxJ25CyMubbnaZqCCz9pNbseFuJ1tob9UqRmXkZ8HV3snRjJRbcctD+V9x+ -Ymi1GreXoDQtMp0FtMiFjPvIYciBQnaRv2ChMAnGXNbZXCxWWA9E5S3a+yWzo+gd -wEcowL+SUac1PEDGHokhKn7nctvI9cC4hE6JmKM1sD68/U3rRPXMGqmC7umqyT5P -gjWBb1uu0iRjFC9eQUsaKPxey5Be710GFlyf/Ff/tep7RhkryIWEPvIzYCBf6rhk -3pysFgTjfiUuBYUNumjXr/q5hgdtb75788XUDxKwAoUx+m8gi0nJg35CN2nmQ054 -VJxcZlNv0wqnJ+GTTZeN6fiAhTpVtHsqHQomRSfaBiw= ------END RSA PRIVATE KEY----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.noname.p12 b/libs/nixio/axTLS/ssl/test/axTLS.noname.p12 Binary files differdeleted file mode 100644 index 9d27999fa..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.noname.p12 +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.unencrypted.p8 b/libs/nixio/axTLS/ssl/test/axTLS.unencrypted.p8 Binary files differdeleted file mode 100644 index d04694b1f..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.unencrypted.p8 +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.unencrypted_pem.p8 b/libs/nixio/axTLS/ssl/test/axTLS.unencrypted_pem.p8 deleted file mode 100644 index e07375a84..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.unencrypted_pem.p8 +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIBVwIBADANBgkqhkiG9w0BAQEFAASCAUEwggE9AgEAAkEA0TswX6kBQj2GbXK+ -QG5RwUl/V3WhLTblwT0PIBrRI236dNI+I7Bw/KBq3uxBiIT+VBVrYcUWYriTQfFP -Pf8uvQIDAQABAkEAkXnE7Y41qNfcYrb4HxZVU74Fg0rvUN+tqckJfjoHFcj9FrvA -5JjRRZlgdWxkZYnHHjWizRQFODkVGrgPBZYBAQIhAOjr16jf2JCqPCGkBDFq0yHY -JZhPuCiTK7npX7mjZXd9AiEA5fZv61DEOwHDQn1QM3oJ3AjldvO96g/l8dM9L2Pi -uEECIQDdz7LpnHp1kdh/xN1FXlDAO0HaIZjj8vtCKa/CbotzVQIhAMNdatWyhxNO -OxF4nrMs4cVyNWeqSVTZbtPUTy28oTdBAiEAxGkIUzsytLZrG5zz8fMaSpb/cCUg -Gp1luKWPnMd3ZHQ= ------END PRIVATE KEY----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.withCA.p12 b/libs/nixio/axTLS/ssl/test/axTLS.withCA.p12 Binary files differdeleted file mode 100644 index ae029dee0..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.withCA.p12 +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.withoutCA.p12 b/libs/nixio/axTLS/ssl/test/axTLS.withoutCA.p12 Binary files differdeleted file mode 100644 index c4eb54c44..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.withoutCA.p12 +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.x509_1024.cer b/libs/nixio/axTLS/ssl/test/axTLS.x509_1024.cer Binary files differdeleted file mode 100644 index fc92d0564..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.x509_1024.cer +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.x509_1024.pem b/libs/nixio/axTLS/ssl/test/axTLS.x509_1024.pem deleted file mode 100644 index 81f3eaf1c..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.x509_1024.pem +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB1zCCAUACCQDxw4fA1PRXwzANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh -eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2 -MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl -Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC -gYEA2OC/Fd7qr+jV/QuoqLPXRl2nJmwMtdm8xvjAeND2VmX4KUgOewumJX7oe3lv -OOW1t/TgnJFg9AbzQB75kRmpL0dDtZse3PaqHEl5ISjLqklz2QkFTALyTE1sHICn -FJFE/BKz4efjT0S6jMN0OehM0NRMJGG0QJWMwAq3AjkxhZMCAwEAATANBgkqhkiG -9w0BAQUFAAOBgQALRyRSfbZjeLyA3YdskEwzw1ynlwkcCU+bbrNaPkaSGseHFVnh -iFzOauKWqjLswu14i+CQZpMUw5irMzXTfV1RCpy5EFhHepiVZP9MXYIZ+eoPXprL -Midkym9YitDANvS5YzSl2jZQNknStzohM1s+1l8MmYO3sveLRMRec0GpAg== ------END CERTIFICATE----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.x509_2048.cer b/libs/nixio/axTLS/ssl/test/axTLS.x509_2048.cer Binary files differdeleted file mode 100644 index c0badf728..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.x509_2048.cer +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.x509_2048.pem b/libs/nixio/axTLS/ssl/test/axTLS.x509_2048.pem deleted file mode 100644 index 1ed0141af..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.x509_2048.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICWzCCAcQCCQDxw4fA1PRXxDANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh -eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2 -MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl -Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAMKgv9v6z3AGRLOf3o092S/ENz33Z2tlguOIuh2Apwp2ziHFvul7m9iF -xsEcEARcvpkRPVo6ifJLjhJErenvvMAIS3WoO1lyenMaGoNddLeRRB0snRn7xRcl -DYzCYS3fhJmkE06RL/TCTyY9GXa7odRI8kcWuByZog/be15lsgn0pjNKjJICdCer -Otq0TAV/pfzRBF9lcyboHWQFOu9UVmDp3LsV/9o1GJbyKiNZd0j/GnDFOQbXy7GD -I9PJTRzo4GQj0cJHY7JelORKiIsymcoMNRTboFRAx5y9jAGF8Ks196Rq/+9gYsvi -eE0h+pbdLLbM0uZvAYqzIGK9hRR7Ja0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQA8 -L1Zz9K6M/PQCYWrfnTjbPKY2rTB1OvSV0Uwy5KKPQRS1+oK9dx4K0miX+1ZvI1bo -f7/1aFXOsW3dpTwYUSjJvTMjSwNUPKiB/q/xwA1mzsbIZsbnhIITU95mOJ3xFhgc -YFdJ4saL7pppTzfOxZ+h9jWbDwgJJAwx/q+O72uE5w== ------END CERTIFICATE----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.x509_4096.cer b/libs/nixio/axTLS/ssl/test/axTLS.x509_4096.cer Binary files differdeleted file mode 100644 index 40bbe94fd..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.x509_4096.cer +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.x509_4096.pem b/libs/nixio/axTLS/ssl/test/axTLS.x509_4096.pem deleted file mode 100644 index b7aed1cab..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.x509_4096.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDWzCCAsQCCQDxw4fA1PRXxTANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh -eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2 -MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl -Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC -AgoCggIBAPwntJldKsrQMAz6410QZVIdoHSrNrYQ8NzdfKMF1a0lBavUsAGjDa5n -qfQ0fTBAC3HTJtxghCe7DjohEHKk89uXYt+liQ3vo6Nc+Zw9l2bDyLKffpOdVc/l -tweL7FyQIM1fl2W5r/S9OffFRMJKXiN1HPXrfGYRrwz6B2cgUBtSgI+odwCmdfjb -Ya4Wo8Za53UGeQ7v0eQ0lEDgXAhx3c2YIoXXxfe2J/5KdZnpXtRJWTJaoAbaQ4tU -xECfVwbYwltHqRQJuUx0N4DMeQwnKgf3DWHWVqqWdALsAE5utfuOpuHxSoN2AGDz -ov++GihbiEAcP5XPFv/0ldcfEi/4X9lyHb0mvUIa6DTdHd17thFEM12caD0TCszq -in8JWVu6M0+oRQcDzIfMn4aD7oKtk76gY5HtbN4Jr8E4BHH/oGPe6l4mQl+W4f3o -Zp2e7yG5WBVA9sjJbCmlxiWMHod1iiZUJ4e9cEFINjMWuooPIo6xKMzZcGHzwkBa -zS6kHyTsHcfdHcu4aVMlJ9cKN/aesJgup/XseM3imzuJ3UqfvwCfneUKfM6DM8J3 -mFfSwUBvK8uLsMw5Elim/1oIbBG0PTt7BiLiNd0pU/weuL92y2+QB2oCPM0t5D7L -IYyoZHHNlvTCkQVNsCHgrDUtOdpGlKt6zzEgUTqwC5i5N3p/w6uPAgMBAAEwDQYJ -KoZIhvcNAQEEBQADgYEAcrCtPXmZyPX01uNMh2X1VkgmUn/zLemierou7WD/h7xL -dOl4eeKjFBqIiC19382m1DK4h1F8MceqaMgTueCJpLM7A2cwN3ta8/pGP2yEVhdp -h10PkdRPF/AU8JmxnFaADsc6+6xWbbrdNv5xcvP1bJKWWW+30EhRF9PxjXiETXc= ------END CERTIFICATE----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.x509_512.cer b/libs/nixio/axTLS/ssl/test/axTLS.x509_512.cer Binary files differdeleted file mode 100644 index 48c6e13aa..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.x509_512.cer +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.x509_512.pem b/libs/nixio/axTLS/ssl/test/axTLS.x509_512.pem deleted file mode 100644 index 8191e489f..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.x509_512.pem +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBkjCB/AIJAPHDh8DU9FfCMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4 -VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw -NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj -dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7 -MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV -a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAKRT6LwFr1xedJ -b4qrvjB+EwV/0p4TNNXUS9S30rMSFvRar7VxvLP1lpYj9PR1JGSZMG/B6hR4yumF -Rjwel9FPgNcWCW4DXAWqz3UQF7oZtJL6K+XJpQ0gwC+Nxc+RRGNLMlK7dLiqFh/V -qZLej5Xy93M0JyZBiLV88P+c08gd7A== ------END CERTIFICATE----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.x509_aes128.pem b/libs/nixio/axTLS/ssl/test/axTLS.x509_aes128.pem deleted file mode 100644 index 9a75fe960..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.x509_aes128.pem +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBkjCB/AIJAPHDh8DU9FfHMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4 -VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw -NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj -dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMDo -g6K2iXFftW+Qk+rrzkMGWrtfY6YSxPstPRrI7akluUEoyWGITXbK6L3QfERrf2eu -CnWyciQiHVRoHC0EgZUCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBT6YhR8x/bBteK -lr8E0l4mATOnYlsmge+z/SFYs4bDBofqlwQCVJXNSBA4ZsEjgP9qIWTu/85QrVGq -LrkewSM6Oeh95LGnE+uhJVtIX++O+Hsex3H1UL067dCG99XmDhqbEU9AI6YSZu2p -cjoSowFELtOoG667+id9QObfV3EQoQ== ------END CERTIFICATE----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.x509_aes256.pem b/libs/nixio/axTLS/ssl/test/axTLS.x509_aes256.pem deleted file mode 100644 index 4f3074e01..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.x509_aes256.pem +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBkjCB/AIJAPHDh8DU9FfIMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4 -VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw -NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj -dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANAW -9PdXa5u4gWi5VB5p/eQmOtteRq9/54JkiEs8cVNrTQgZsjjU1LGedE3JwBqZ1EIW -HGPjcGg5dVxFjkn7RekCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBmJMt0Crdd/BPn -EdmzsVXou0zTizTC8wyUPMVpg/KzzP7fhZux/ZIrH9/RVcJd9y+B2/mXc3C+K99+ -TXQoYKsLGArfDPzmpy1wPrdEcB1A9gkWDl1Uq6xRyvrVm3gX8NTITRuGKL9njgWx -2SrApIBtOOUOinYtfH3745cVVl5HOA== ------END CERTIFICATE----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.x509_bad_after.pem b/libs/nixio/axTLS/ssl/test/axTLS.x509_bad_after.pem deleted file mode 100644 index 79eb9ccd6..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.x509_bad_after.pem +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBkjCB/AIJAPHDh8DU9FfKMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4 -VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw -NzExNDQzMloXDTA1MDYwNzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj -dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7 -MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV -a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCmPSs9EceViMZD -ZTXDZpQWJFcXaeInrXWgYWyVgnHBY/eSuqNCxkV/ehv/Wc5pWBGnrX+4cSvQ+TpQ -FdZegeOjvgipjtJb/0TJCcvgcdHTntEM0h7VXjfbsJXAHwJPFzWIKxV4jeFXnaaw -W+YHrj9GQ8PnFmapPuh4h/y6LyHAcg== ------END CERTIFICATE----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.x509_bad_before.pem b/libs/nixio/axTLS/ssl/test/axTLS.x509_bad_before.pem deleted file mode 100644 index fe72b541b..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.x509_bad_before.pem +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBkjCB/AIJAPHDh8DU9FfJMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4 -VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTIz -MTE0MDAwMFoXDTI1MTIzMTE0MDAwMFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj -dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7 -MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV -a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQApbldYefE8A0ez -SYvAuCtYxx/2KHwBRD/cR0q7widl9WGjVC/dsnbFo109vHEr3FP1HVYSI0aweiaK -XZmpUyJ9DprbbWQqaLuDnqIH8X7kfiMuO7/LGQc812iDJI2Akxp9cIlPBFBD8GVx -+0EphzSodDDlLD8bPqLaWTE+8Ydtjw== ------END CERTIFICATE----- diff --git a/libs/nixio/axTLS/ssl/test/axTLS.x509_device.cer b/libs/nixio/axTLS/ssl/test/axTLS.x509_device.cer Binary files differdeleted file mode 100644 index c966743c9..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.x509_device.cer +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/axTLS.x509_device.pem b/libs/nixio/axTLS/ssl/test/axTLS.x509_device.pem deleted file mode 100644 index e9cbaaf31..000000000 --- a/libs/nixio/axTLS/ssl/test/axTLS.x509_device.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBjTCCATcCCQDxw4fA1PRXxjANBgkqhkiG9w0BAQUFADAsMRYwFAYDVQQKEw1h -eFRMUyBQcm9qZWN0MRIwEAYDVQQDEwkxMjcuMC4wLjEwHhcNMDYwNjA3MTE0NDMy -WhcNMzMxMDIzMTE0NDMyWjArMSkwJwYDVQQKEyBheFRMUyBQcm9qZWN0IERldmlj -ZSBDZXJ0aWZpY2F0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1CIODRIr -v3YgwJW7Fm0wITCsOIgX9l+aIRiXUzur4RkHRJIQUQYM3ZfftC21QyWPGErVIIcJ -7s7U/iKTQq1LV7USvAp90D/m7s0ntmRj1aBCSG71f0LnSv1rlA8kzUkU7VuEt0Tt -+iqrW0+sYdUBk11dyPLKe6sJnMrJJamVvBsCAwEAATANBgkqhkiG9w0BAQUFAANB -ABC3Uc6uImIpcLl1WYu8K8qkGnVT4K9JkdXHQFbhFZs37lvITrOHQ3j2oGXTbdAx -JFJ3II9xXkm+nc7oLHqhXlc= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB3zCCAUgCCQCdbnM4pjqlWjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh -eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2 -MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl -Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA -A4GNADCBiQKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj -Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m -n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB -MA0GCSqGSIb3DQEBBQUAA4GBAB0LgNo0oCcwIie5plgwwFybQ8x95q6e3wndM/Mp -3gjcAFbGuchpo3dfFlTcRI0KyERb3q1MVxPM4sff9nT7EdHVyK9s8/ITkP2dcTKc -flbcTEfJVIeM8L2P5F41Hvn9GuGcMW8EmsC06gdbp1LLnqsdrXdMNBsAUBXfgPrU -+UcZ ------END CERTIFICATE----- diff --git a/libs/nixio/axTLS/ssl/test/datatest.c b/libs/nixio/axTLS/ssl/test/datatest.c deleted file mode 100644 index 2a5e836e5..000000000 --- a/libs/nixio/axTLS/ssl/test/datatest.c +++ /dev/null @@ -1,43 +0,0 @@ - -#include <string.h> -#include <stdlib.h> -#include "ssl.h" - -int main(int argc, char *argv[]) -{ - bigint *m1, *m2, *d; - BI_CTX *ctx = bi_initialize(); - char cmp1[1024], cmp2[1024]; - - const char *plaintext = /* 128 byte number */ - "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee" - "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee"; - d = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext)); - memset(cmp1, 0, sizeof(cmp1)); - - while (1) - { - bi_set_mod(ctx, bi_clone(ctx, d), 0); - m1 = bi_square(ctx, bi_copy(d)); - m2 = bi_residue(ctx, m1); - bi_free_mod(ctx, 0); - - //bi_export(ctx, bi_copy(d), cmp1, sizeof(cmp1)); - bi_export(ctx, m2, cmp2, sizeof(cmp2)); - - if (memcmp(cmp1, cmp2, sizeof(cmp1)) != 0) - { - printf("Error!\n"); TTY_FLUSH(); - break; - } - - d = bi_add(ctx, d, int_to_bi(ctx, 1)); - } - - bi_free(ctx, d); - bi_terminate(ctx); - printf("all good\n"); TTY_FLUSH(); - return 0; - -} - diff --git a/libs/nixio/axTLS/ssl/test/datatest.c.old b/libs/nixio/axTLS/ssl/test/datatest.c.old deleted file mode 100644 index a5703fb9e..000000000 --- a/libs/nixio/axTLS/ssl/test/datatest.c.old +++ /dev/null @@ -1,280 +0,0 @@ -#include "crypto.h" - -#include <string.h> -#include <stdlib.h> -//#define DEBUG_TEST - -typedef enum { - encrypt, decrypt -} CryptoMode; - -void hex_dump(const char* header, const unsigned char* data, const unsigned int data_length) -{ - unsigned int byte_count; - printf("%s (%d bytes):\n", header, data_length); - for(byte_count = 0; byte_count < data_length; ++byte_count) - { - printf("%02X", data[byte_count]); - } - printf("\n"); -} - -void do_rsa(const CryptoMode crypto_mode, - const unsigned char* data, const unsigned int data_length, - const unsigned char* modulus, const unsigned int modulus_length, - const unsigned char* exponent, const unsigned int exponent_length, - unsigned char* result, const unsigned int result_length) -{ - RSA_CTX* rsa_context = NULL; - BI_CTX *bi_ctx; - bigint *plaintext_bi; - bigint *enc_data_bi, *dec_data_bi; - -#ifdef DEBUG_TEST - printf("do_rsa:\n"); - hex_dump("data", data, data_length); - hex_dump("modulus", modulus, modulus_length); - hex_dump("exponent", exponent, exponent_length); -#endif - - RSA_priv_key_new(&rsa_context, modulus, modulus_length, exponent, exponent_length, exponent, exponent_length); - memset(result, 0, result_length); - bi_ctx = rsa_context->bi_ctx; - - switch(crypto_mode) - { - case encrypt: -#ifdef DEBUG_TEST - printf("encrypt\n"); -#endif - plaintext_bi = bi_import(bi_ctx, data, data_length); - enc_data_bi = RSA_public(rsa_context, plaintext_bi); - bi_export(bi_ctx, enc_data_bi, result, result_length); - break; - - case decrypt: - -#ifdef DEBUG_TEST - printf("decrypt\n"); -#endif - plaintext_bi = bi_import(bi_ctx, data, data_length); - dec_data_bi = RSA_private(rsa_context, plaintext_bi); - bi_export(bi_ctx, dec_data_bi, result, result_length); - break; - } -#ifdef DEBUG_TEST - hex_dump("result", result, result_length); -#endif - - RSA_free(rsa_context); -} - -void test_matching(char* test_description, - const unsigned char* expected, const unsigned int expected_length, - const unsigned char* result, const unsigned int result_length) -{ - int test_result = memcmp(expected, result, expected_length); - printf("Testing %s ... ", test_description); - if(test_result == 0) - { - printf("ok.\n"); - } - else - { - printf("failed!\n"); - hex_dump("should be", expected, expected_length); - hex_dump("but is", result, result_length); - } -} - -void encrypt_decrypt_should_yield_original(char* test_description, - const unsigned char* data, const unsigned int data_length, - const unsigned char* modulus, const unsigned int modulus_length, - const unsigned char* private_exponent, const unsigned int private_exponent_length, - const unsigned char* public_exponent, const unsigned int public_exponent_length, - const unsigned char* cryptogram, const unsigned int cryptogram_length) -{ - const unsigned int calculated_cryptogram_length = modulus_length; - unsigned char* calculated_cryptogram = malloc(calculated_cryptogram_length); - const unsigned int decrypted_data_length = modulus_length; - unsigned char* decrypted_data = malloc(decrypted_data_length); - - printf("\nRunning \"%s\" ...\n", test_description); - -#ifdef DEBUG_TEST - printf("encrypt_decrypt_should_yield_original:\n"); - hex_dump("data", data, data_length); - hex_dump("modulus", modulus, modulus_length); - hex_dump("private_exponent", private_exponent, private_exponent_length); - hex_dump("public_exponent", public_exponent, public_exponent_length); - hex_dump("cryptogram", cryptogram, cryptogram_length); -#endif - - do_rsa(encrypt, data, data_length, - modulus, modulus_length, - private_exponent, private_exponent_length, - calculated_cryptogram, calculated_cryptogram_length); - -#ifdef DEBUG_TEST - hex_dump("calculated_cryptogram", calculated_cryptogram, calculated_cryptogram_length); -#endif - - if(cryptogram != NULL) - { - test_matching("cryptogram", cryptogram, cryptogram_length, - calculated_cryptogram, calculated_cryptogram_length); - } - - do_rsa(decrypt, calculated_cryptogram, calculated_cryptogram_length, - modulus, modulus_length, - public_exponent, public_exponent_length, - decrypted_data, decrypted_data_length); - - test_matching("decrypted plaintext", data, data_length, - decrypted_data, decrypted_data_length); - - free(calculated_cryptogram); - free(decrypted_data); -} - -/* configure without CRT! - - prepare data with: - > echo "<string>" | - ruby -ne '$_.gsub!(/ /, "").scan(/../).each_with_index \ - { |b, i| print "\"\n\"" if i % 16 == 0; print "\\x" + b;}' */ -int main(int argc, char *argv[]) -{ -#if 0 - unsigned char stuff[] = { - 0x22, 0x33, 0x44, 0x81, - 0xF1, 0xFF, 0xAA, 0xBB, - 0xCC, 0xDD, 0xEE , 0x01, - 0x45, 0x44, 0xfa, 0x8d, - 0xfa, 0x20, 0x99, 0xFF, - 0xab, 0xda, 0xac, 0x40 }; - unsigned char resA[sizeof(stuff)*2], resB[sizeof(stuff)*2]; - - BI_CTX *bi_ctx = bi_initialize(); - bigint *bi_data1, *bi_data2, *res1, *res2; - bi_data1 = bi_import(bi_ctx, stuff, sizeof(stuff)); - bi_data2 = bi_import(bi_ctx, stuff, sizeof(stuff)); - - res1 = bi_multiply(bi_ctx, bi_copy(bi_data1), bi_copy(bi_data2)); - res2 = bi_multiply(bi_ctx, bi_data1, bi_data2); - bi_print("MULTIPLY", res1); - bi_print("SQUARE", res2); - bi_export(bi_ctx, res1, resA, sizeof(resA)); - bi_export(bi_ctx, res2, resB, sizeof(resB)); - if (memcmp(resA, resB, sizeof(resA))) - printf("OUCH - difference!\n"); - bi_terminate(bi_ctx); - - exit(0); -#endif - encrypt_decrypt_should_yield_original("Works only with Montgomery", - (const unsigned char*) /* data */ - "\xBC\xD3\x12\x6C\x93\x13\x14\x4C\x00\x5D\xFD\xBF\xDE\xE4\xD3\x60" - "\x29\xB8\xAE\x47\xBE\x0B\xB6\x0A\x39\x88\xB7\x93\x19\x14\xE8\x88" - "\x4A\xDE\x00\x46\x89\x5A\x11\x1A\xC4\x8F\xE8\xF7\x27\xAC\x59\x80" - "\x03\xC1\x93\x14\x01\x00\x93\x15\x07\x00\x00\x00\x01\x01\x05\x20" - "\x93\x16\x0F\x42\x34\x33\x3A\x58\x30\x30\x30\x31\x30\x31\x30\x30" - "\x30\x31\x92\x6B\x10\x6C\x69\x62\x65\x6C\x6D\x65\x74\x72\x65\x65" - "\x2E\x73\x6F\x2E\x30\x93\x18\x02\xA5\x92\x92\x6C\x03\x96\xE3\x0C" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xB7\xBE", 128, - (const unsigned char*) /* modulus */ - "\xc4\x5a\xcb\x35\x95\xad\x32\x4a\xcf\x9c\x82\x45\x13\xb7\x42\x35" - "\x22\x32\x6d\x2e\x6d\x26\x2e\x6d\x00\x9b\xae\x2d\x9e\x78\x1e\xdd" - "\x40\x23\x17\xa8\xbb\xa1\x07\x86\xb4\x3c\xbc\xe8\xd5\xfc\xd9\xeb" - "\x3c\xad\x63\x11\xf3\x1d\x64\x81\x96\xf2\xf5\xfe\xca\x5a\xf7\x8a" - "\x15\xcb\x90\x81\x68\xae\x59\xb4\xe1\xa4\x41\x99\xcd\xf3\x98\xbd" - "\x3c\x48\x37\xdb\xa1\xc3\x1c\x6f\x43\xd1\x89\x23\xe5\x3d\xa3\xa5" - "\x92\x7b\x19\x14\x1e\x7a\xf3\x88\x8a\x36\x21\x3e\x16\x40\x3c\xd7" - "\xd3\xdb\x13\xaf\xc9\x68\x45\x84\xb3\x39\x8f\x02\xed\x28\x02\x5f", 128, - (const unsigned char*) /* private exponent */ - "\x5d\x19\xb7\xb4\x66\x8d\xc2\x84\xda\x3f\x99\x3c\xeb\x86\x3e\xec" - "\x36\x94\xb6\x54\x07\x08\xcd\x86\x7d\x7d\x53\x6e\xe9\xee\x86\xa3" - "\xdd\x5f\x46\x3e\x89\x08\x67\x2b\x25\x96\x8e\xf3\xcf\x52\x9e\x78" - "\xfd\x42\x30\xf1\x37\xd6\xbd\xea\xfc\x09\xa3\x3d\xf5\xf0\x7f\xe1" - "\xb1\xe0\x69\x13\x44\xf9\x8b\x95\x58\x2a\x81\xb3\xa8\x15\xce\x7e" - "\xd3\xea\x97\x0a\xa2\x14\xd4\xae\xc7\x75\xbb\x9f\x68\xa5\x53\x0e" - "\x85\x29\x88\x48\x6c\xc9\xcc\xde\x72\x40\x3a\x4c\x82\xde\x3c\xfb" - "\x08\xf8\x2c\x26\xb5\xd4\xea\xc4\xca\x98\x6e\x43\x3e\x67\x54\xc1", 128, - (const unsigned char*) /* public exponent */ - "\x01\x00\x01", 3, - (const unsigned char*) /* precalculated encrypted data */ - "\x93\xE8\x1F\xF9\x70\xFA\xAA\xED\x54\xFD\x48\x37\xC9\x71\x9A\x11" - "\x69\x80\xB4\x22\x0C\xAD\x5A\x95\x65\xCA\x7C\xF7\x70\x56\x92\xCB" - "\x45\x6D\x58\x84\x21\x80\x23\x76\x21\x4A\x61\x99\xC1\x11\x9C\x0F" - "\x40\xED\x80\x9C\x8F\x3A\x4F\x01\xB5\x72\xC3\x24\xAE\xF3\x6B\x98" - "\xA8\x60\xAC\xAF\x95\x98\x9A\xAA\xA4\x28\xF2\x02\x05\xFC\xF3\xDD" - "\xB0\x5A\x4E\xDE\x3C\x41\x4B\x1C\x5B\x1F\xF6\x3D\xAF\x93\x43\xCB" - "\xD8\xC7\x24\x97\x8F\x49\xE5\x5B\x10\x51\x3B\x1E\xA6\x39\xEA\x4E" - "\xA5\xE0\x71\x8C\xCA\x34\x8C\x2F\x6C\x5C\x78\x34\x86\x7C\x54\x6A", 128); - - encrypt_decrypt_should_yield_original("Works only with Barrett", - (const unsigned char*) /* data */ - "\x36\x42\x32\xe4\x1e\x78\x02\x8e\xfb\x64\x5f\x0c\xfc\x5a\xd7\x5c" - "\xe4\xb5\x91\x5c\x4b\x00\x87\x28\x87\x9b\xa0\x4b\x09\xc2\x6b\x64" - "\xac\x4b\xcf\xa5\xee\x8a\xb7\xc9\xc9\x90\x02\xc1\xa3\x47\x5c\x6b" - "\x71\x5d\x5d\x49\x27\xe1\x15\xc6\xcf\x37\x9e\xa7\x0f\xa1\xad\x96" - "\x83\xef\x4b\x53\x68\xcd\x77\xfc\x14\x5f\xf5\xb7\x78\xb0\x10\xeb" - "\x0d\x61\x94\x01\xf6\xaa\x1b\x19\x23\x39\xa7\xcc\x6c\x42\x4a\x87" - "\x79\x27\x04\xc6\xec\x8e\x50\xba\xb9\x26\x89\xd4\x00\x01\x25\xe5" - "\xf3\x9e\x98\x0c\x8d\x2e\x43\x1e\xe9\x29\x90\xd2\x75\x61\x85\xe7", 128, - (const unsigned char*) /* modulus */ - "\x37\x0c\x32\xe4\x1e\x78\x02\x8e\xfb\x64\x5f\x0c\xfc\x5a\xd7\x5c" - "\xe4\xb5\x91\x5c\x4b\x00\x87\x28\x87\x9b\xa0\x4b\x09\xc2\x6b\x64" - "\xac\x4b\xcf\xa5\xee\x8a\xb7\xc9\xc9\x90\x02\xc1\xa3\x47\x5c\x6b" - "\x71\x5d\x5d\x49\x27\xe1\x15\xc6\xcf\x37\x9e\xa7\x0f\xa1\xad\x96" - "\x83\xef\x4b\x53\x68\xcd\x77\xfc\x14\x5f\xf5\xb7\x78\xb0\x10\xeb" - "\x0d\x61\x94\x01\xf6\xaa\x1b\x19\x23\x39\xa7\xcc\x6c\x42\x4a\x87" - "\x79\x27\x04\xc6\xec\x8e\x50\xba\xb9\x26\x89\xd4\x00\x01\x25\xe5" - "\xf3\x9e\x98\x0c\x8d\x2e\x43\x1e\xe9\x29\x90\xd2\x75\x61\x85\xe7", 128, - (const unsigned char*) /* private exponent */ - "\x16\x3a\x76\xd2\x66\xfb\x4f\x0d\x2d\xb6\x7a\x2b\x64\x3b\xca\x7b" - "\x58\x5f\x79\x33\x2b\x96\x2a\xfd\xd2\xc4\xa5\x15\xa7\xfb\x3a\x22" - "\x8c\xf0\x90\x09\x11\x2a\x32\xcc\xe8\xf7\x9e\x25\x53\x29\x9d\xc8" - "\x45\x1e\xce\x6c\x9c\x0d\xe8\x1d\x3f\xcf\xd5\xe0\xe0\x0f\x09\x69" - "\x2d\xe7\xd5\xe6\xe5\x10\xd9\x4e\x20\xdb\xbd\xa1\x04\x6b\xe6\x1d" - "\x4c\x79\x28\x47\x30\x11\xde\x14\xb4\x6e\x35\x98\x38\x50\x44\x82" - "\xbd\xc4\xfb\x03\xb3\xf6\x5e\x5a\x29\xfa\x29\xaa\xde\xe4\xfd\x15" - "\xbe\xed\x4f\x93\x9d\x0d\x29\xe8\xd7\xa3\xf4\x18\xc8\x98\xb1\x01", 128, - (const unsigned char*) /* public exponent */ - "\x01\x00\x01", 3, - NULL, 0); - - encrypt_decrypt_should_yield_original("Works always", - (const unsigned char*) /* data */ - "\xB9\x42\x32\xe4\x1e\x78\x02\x8e\xfb\x64\x5f\x0c\xfc\x5a\xd7\x5c" - "\xe4\xb5\x91\x5c\x4b\x00\x87\x28\x87\x9b\xa0\x4b\x09\xc2\x6b\x64" - "\xac\x4b\xcf\xa5\xee\x8a\xb7\xc9\xc9\x90\x02\xc1\xa3\x47\x5c\x6b" - "\x71\x5d\x5d\x49\x27\xe1\x15\xc6\xcf\x37\x9e\xa7\x0f\xa1\xad\x96" - "\x83\xef\x4b\x53\x68\xcd\x77\xfc\x14\x5f\xf5\xb7\x78\xb0\x10\xeb" - "\x0d\x61\x94\x01\xf6\xaa\x1b\x19\x23\x39\xa7\xcc\x6c\x42\x4a\x87" - "\x79\x27\x04\xc6\xec\x8e\x50\xba\xb9\x26\x89\xd4\x00\x01\x25\xe5" - "\xf3\x9e\x98\x0c\x8d\x2e\x43\x1e\xe9\x29\x90\xd2\x75\x61\x85\xe7", 128, - (const unsigned char*) /* modulus */ - "\xB9\x77\xEC\x83\x95\xAF\xB1\xF8\x21\x21\xFF\x05\x5E\x0C\x91\x0C" - "\x2E\xD5\xD2\x94\x1C\x38\x5E\xED\x5A\xCF\x84\xD0\x12\x8B\xAA\x4B" - "\x3A\x63\x65\x78\x13\xED\x24\x4E\x83\xF2\xF5\x02\x66\x5D\xFC\xC1" - "\x80\x5B\x78\x78\xB4\x0B\x45\xE5\x22\xC6\xCD\xEB\xCC\x74\x0B\x0B" - "\xD8\x8B\x91\x99\x48\x8E\x74\xA9\xD0\x1A\x39\x94\xC2\xD4\x2E\x9A" - "\x8C\x0C\x35\x0D\x97\x8F\xC4\x62\x20\xE9\x78\x40\x97\x05\x98\xE6" - "\x22\x48\x3D\x3D\xCA\x6A\x3F\xEF\xB0\x23\x14\x30\xDA\x35\x46\x65" - "\x55\xEF\xEB\xA1\xA9\xCF\x83\xE7\xEF\xF2\x83\x6D\x38\xEA\x88\xED", 128, - (const unsigned char*) /* private exponent */ - "\x52\x2A\x68\xE3\x9A\xAA\xED\xA3\x49\xBA\x6F\xEA\x86\xD1\xF6\x68" - "\x79\x4F\x4D\x2D\x44\x9B\x4C\xA2\xC6\xBA\x6C\xD2\x69\x84\xEA\x7A" - "\xCD\x71\x3F\x80\xC5\x03\x28\x34\x88\x8C\x58\x33\x29\xFA\xB5\x81" - "\x5C\x46\x29\xC6\xFF\xAC\x86\xD8\x8E\x61\x98\xD4\xC0\x0D\x20\xDE" - "\xEB\x61\x1C\x0C\x3C\x19\xA3\x75\x10\x7D\xDA\xA9\x55\xA7\x64\x5F" - "\xE0\xB6\x35\x62\x00\xD9\xD2\xF7\xA4\xDF\x85\xFF\xDF\x86\x75\x29" - "\x66\x16\x03\x8C\xC0\xB0\x3F\xAB\xBA\x41\xB3\x3C\x76\x58\xB6\xE2" - "\x1F\x36\x47\x5F\x1F\x0E\x4C\xB5\x29\x90\xDC\xA1\xF8\xFA\x58\x19", 128, - (const unsigned char*) /* public exponent */ - "\x01\x00\x01", 3, - NULL, 0); - - return 0; -} diff --git a/libs/nixio/axTLS/ssl/test/deutsche_telecom.x509_ca b/libs/nixio/axTLS/ssl/test/deutsche_telecom.x509_ca Binary files differdeleted file mode 100644 index 0f4b96a0d..000000000 --- a/libs/nixio/axTLS/ssl/test/deutsche_telecom.x509_ca +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/equifax.x509_ca b/libs/nixio/axTLS/ssl/test/equifax.x509_ca Binary files differdeleted file mode 100644 index 79b0a3f98..000000000 --- a/libs/nixio/axTLS/ssl/test/equifax.x509_ca +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/gnutls.cer b/libs/nixio/axTLS/ssl/test/gnutls.cer Binary files differdeleted file mode 100755 index 312e36540..000000000 --- a/libs/nixio/axTLS/ssl/test/gnutls.cer +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/header_issue.dat b/libs/nixio/axTLS/ssl/test/header_issue.dat Binary files differdeleted file mode 100755 index a48d23d2b..000000000 --- a/libs/nixio/axTLS/ssl/test/header_issue.dat +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/killopenssl.sh b/libs/nixio/axTLS/ssl/test/killopenssl.sh deleted file mode 100755 index 17950fbae..000000000 --- a/libs/nixio/axTLS/ssl/test/killopenssl.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -ps -ef|grep openssl | /usr/bin/awk '{print $2}' |xargs kill -9 diff --git a/libs/nixio/axTLS/ssl/test/make_certs.sh b/libs/nixio/axTLS/ssl/test/make_certs.sh deleted file mode 100755 index dfc39d4f5..000000000 --- a/libs/nixio/axTLS/ssl/test/make_certs.sh +++ /dev/null @@ -1,174 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2007, Cameron Rich -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the axTLS project nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -# -# Generate the certificates and keys for testing. -# - -PROJECT_NAME="axTLS Project" - -# Generate the openssl configuration files. -cat > ca_cert.conf << EOF -[ req ] -distinguished_name = req_distinguished_name -prompt = no - -[ req_distinguished_name ] - O = $PROJECT_NAME Dodgy Certificate Authority -EOF - -cat > certs.conf << EOF -[ req ] -distinguished_name = req_distinguished_name -prompt = no - -[ req_distinguished_name ] - O = $PROJECT_NAME - CN = 127.0.0.1 -EOF - -cat > device_cert.conf << EOF -[ req ] -distinguished_name = req_distinguished_name -prompt = no - -[ req_distinguished_name ] - O = $PROJECT_NAME Device Certificate -EOF - -# private key generation -openssl genrsa -out axTLS.ca_key.pem 1024 -openssl genrsa -out axTLS.key_512.pem 512 -openssl genrsa -out axTLS.key_1024.pem 1024 -openssl genrsa -out axTLS.key_2048.pem 2048 -openssl genrsa -out axTLS.key_4096.pem 4096 -openssl genrsa -out axTLS.device_key.pem 1024 -openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512 -openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 512 - -# convert private keys into DER format -openssl rsa -in axTLS.key_512.pem -out axTLS.key_512 -outform DER -openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER -openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER -openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER -openssl rsa -in axTLS.device_key.pem -out axTLS.device_key -outform DER - -# cert requests -openssl req -out axTLS.ca_x509.req -key axTLS.ca_key.pem -new \ - -config ./ca_cert.conf -openssl req -out axTLS.x509_512.req -key axTLS.key_512.pem -new \ - -config ./certs.conf -openssl req -out axTLS.x509_1024.req -key axTLS.key_1024.pem -new \ - -config ./certs.conf -openssl req -out axTLS.x509_2048.req -key axTLS.key_2048.pem -new \ - -config ./certs.conf -openssl req -out axTLS.x509_4096.req -key axTLS.key_4096.pem -new \ - -config ./certs.conf -openssl req -out axTLS.x509_device.req -key axTLS.device_key.pem -new \ - -config ./device_cert.conf -openssl req -out axTLS.x509_aes128.req -key axTLS.key_aes128.pem \ - -new -config ./certs.conf -passin pass:abcd -openssl req -out axTLS.x509_aes256.req -key axTLS.key_aes256.pem \ - -new -config ./certs.conf -passin pass:abcd - -# generate the actual certs. -openssl x509 -req -in axTLS.ca_x509.req -out axTLS.ca_x509.pem \ - -sha1 -days 10000 -signkey axTLS.ca_key.pem -openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_512.pem \ - -sha1 -CAcreateserial -days 10000 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024.pem \ - -sha1 -CAcreateserial -days 10000 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -openssl x509 -req -in axTLS.x509_2048.req -out axTLS.x509_2048.pem \ - -md5 -CAcreateserial -days 10000 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -openssl x509 -req -in axTLS.x509_4096.req -out axTLS.x509_4096.pem \ - -md5 -CAcreateserial -days 10000 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -openssl x509 -req -in axTLS.x509_device.req -out axTLS.x509_device.pem \ - -sha1 -CAcreateserial -days 10000 \ - -CA axTLS.x509_512.pem -CAkey axTLS.key_512.pem -openssl x509 -req -in axTLS.x509_aes128.req \ - -out axTLS.x509_aes128.pem \ - -sha1 -CAcreateserial -days 10000 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -openssl x509 -req -in axTLS.x509_aes256.req \ - -out axTLS.x509_aes256.pem \ - -sha1 -CAcreateserial -days 10000 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem - -# note: must be root to do this -DATE_NOW=`date` -if date -s "Jan 1 2025"; then -openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_before.pem \ - -sha1 -CAcreateserial -days 365 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -date -s "$DATE_NOW" -touch axTLS.x509_bad_before.pem -fi -openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_after.pem \ - -sha1 -CAcreateserial -days -365 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem - -# some cleanup -rm axTLS*.req -rm axTLS.srl -rm *.conf - -# need this for the client tests -openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer -openssl x509 -in axTLS.x509_512.pem -outform DER -out axTLS.x509_512.cer -openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer -openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer -openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer -openssl x509 -in axTLS.x509_device.pem -outform DER -out axTLS.x509_device.cer - -# generate pkcs8 files (use RC4-128 for encryption) -openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8 -openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8 -openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8 -openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8 - -# generate pkcs12 files (use RC4-128 for encryption) -openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_with_CA" -out axTLS.withCA.p12 -password pass:abcd -openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_without_CA" -out axTLS.withoutCA.p12 -password pass:abcd -openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -out axTLS.noname.p12 -password pass:abcd - -# PEM certificate chain -cat axTLS.ca_x509.pem >> axTLS.x509_device.pem - -# set default key/cert for use in the server -xxd -i axTLS.x509_1024.cer | sed -e \ - "s/axTLS_x509_1024_cer/default_certificate/" > ../../ssl/cert.h -xxd -i axTLS.key_1024 | sed -e \ - "s/axTLS_key_1024/default_private_key/" > ../../ssl/private_key.h diff --git a/libs/nixio/axTLS/ssl/test/microsoft.x509_ca b/libs/nixio/axTLS/ssl/test/microsoft.x509_ca Binary files differdeleted file mode 100644 index b90803452..000000000 --- a/libs/nixio/axTLS/ssl/test/microsoft.x509_ca +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/microsoft.x509_ca.pem b/libs/nixio/axTLS/ssl/test/microsoft.x509_ca.pem deleted file mode 100644 index 478e60b07..000000000 --- a/libs/nixio/axTLS/ssl/test/microsoft.x509_ca.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAx -KzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAc -BgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0 -IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFow -cDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEe -MBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3Nv -ZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR5 -7qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbB -RucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55Er -GOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgko -IQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJc -PMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw -72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBN -aWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEh -MB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs -30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4F -kYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+ -Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH -/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdS -VLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQc -BOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA= ------END CERTIFICATE----- diff --git a/libs/nixio/axTLS/ssl/test/ms_iis.cer b/libs/nixio/axTLS/ssl/test/ms_iis.cer deleted file mode 100755 index 250b926d6..000000000 --- a/libs/nixio/axTLS/ssl/test/ms_iis.cer +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE-----
-MIIB5jCCAVOgAwIBAgIQWPe7KyA+U7lLUohulwW2HDAJBgUrDgMCHQUAMCExHzAd
-BgNVBAMTFmF4dGxzLmNlcm9jY2x1Yi5jb20uYXUwHhcNMDgwMzE3MTAyMTA2WhcN
-MDkwMzE3MTAyMTA2WjAhMR8wHQYDVQQDExZheHRscy5jZXJvY2NsdWIuY29tLmF1
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9JqHlQjrQMt3JW8yxcGhFagDa
-D4QiIY8+KItTt13fIBt5g1AG4VXniaylSqKKYNPwVzqSWl7WhxMmoFU73veF8o4M
-G0Zc5qbVB6ukrSV4WaTgHrIO6pWkyiaQ4L/eYfCo/2pByhl0IUKkf/TMN346/rFg
-JgrElx01l6QHNQrzVQIDAQABoycwJTATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNV
-HQ8EBwMFALAAAAAwCQYFKw4DAh0FAAOBgQAbH94H1fryngROJ//Oa0D3vvTO8CJ3
-8VW+3gQEwrPBOWmN6RV8OM0dE6pf8wD3s7PTCcM5+/HI1Qk53nUGrNiOmKM1s0JB
-bvsO9RT+UF8mtdbo/n30M0MHMWPCC76baW3R+ANBp/V/z4l1ytpUTt+MHvz0VlUs
-J4uJA3s3uh23Tg==
------END CERTIFICATE-----
diff --git a/libs/nixio/axTLS/ssl/test/perf_bigint.c b/libs/nixio/axTLS/ssl/test/perf_bigint.c deleted file mode 100644 index a4ffab6a3..000000000 --- a/libs/nixio/axTLS/ssl/test/perf_bigint.c +++ /dev/null @@ -1,228 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * Some performance testing of bigint. - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include "ssl.h" - -/************************************************************************** - * BIGINT tests - * - **************************************************************************/ - -int main(int argc, char *argv[]) -{ -#ifdef CONFIG_SSL_CERT_VERIFICATION - RSA_CTX *rsa_ctx; - BI_CTX *ctx; - bigint *bi_data, *bi_res; - int diff, res = 1; - struct timeval tv_old, tv_new; - const char *plaintext; - uint8_t compare[MAX_KEY_BYTE_SIZE]; - int i, max_biggie = 10; /* really crank performance */ - int len; - uint8_t *buf; - - /** - * 512 bit key - */ - plaintext = /* 64 byte number */ - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"; - - len = get_file("../ssl/test/axTLS.key_512", &buf); - asn1_get_private_key(buf, len, &rsa_ctx); - ctx = rsa_ctx->bi_ctx; - bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext)); - bi_res = RSA_public(rsa_ctx, bi_data); - bi_data = bi_res; /* reuse again */ - - gettimeofday(&tv_old, NULL); - for (i = 0; i < max_biggie; i++) - { - bi_res = RSA_private(rsa_ctx, bi_copy(bi_data)); - if (i < max_biggie-1) - { - bi_free(ctx, bi_res); - } - } - - gettimeofday(&tv_new, NULL); - bi_free(ctx, bi_data); - - diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 + - (tv_new.tv_usec-tv_old.tv_usec)/1000; - printf("512 bit decrypt time: %dms\n", diff/max_biggie); - TTY_FLUSH(); - bi_export(ctx, bi_res, compare, 64); - RSA_free(rsa_ctx); - free(buf); - if (memcmp(plaintext, compare, 64) != 0) - goto end; - - /** - * 1024 bit key - */ - plaintext = /* 128 byte number */ - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"; - - len = get_file("../ssl/test/axTLS.key_1024", &buf); - asn1_get_private_key(buf, len, &rsa_ctx); - ctx = rsa_ctx->bi_ctx; - bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext)); - bi_res = RSA_public(rsa_ctx, bi_data); - bi_data = bi_res; /* reuse again */ - - gettimeofday(&tv_old, NULL); - for (i = 0; i < max_biggie; i++) - { - bi_res = RSA_private(rsa_ctx, bi_copy(bi_data)); - if (i < max_biggie-1) - { - bi_free(ctx, bi_res); - } - } - - gettimeofday(&tv_new, NULL); - bi_free(ctx, bi_data); - - diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 + - (tv_new.tv_usec-tv_old.tv_usec)/1000; - printf("1024 bit decrypt time: %dms\n", diff/max_biggie); - TTY_FLUSH(); - bi_export(ctx, bi_res, compare, 128); - RSA_free(rsa_ctx); - free(buf); - if (memcmp(plaintext, compare, 128) != 0) - goto end; - - /** - * 2048 bit key - */ - plaintext = /* 256 byte number */ - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"; - - len = get_file("../ssl/test/axTLS.key_2048", &buf); - asn1_get_private_key(buf, len, &rsa_ctx); - ctx = rsa_ctx->bi_ctx; - bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext)); - bi_res = RSA_public(rsa_ctx, bi_data); - bi_data = bi_res; /* reuse again */ - - gettimeofday(&tv_old, NULL); - for (i = 0; i < max_biggie; i++) - { - bi_res = RSA_private(rsa_ctx, bi_copy(bi_data)); - if (i < max_biggie-1) - { - bi_free(ctx, bi_res); - } - } - gettimeofday(&tv_new, NULL); - bi_free(ctx, bi_data); - - diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 + - (tv_new.tv_usec-tv_old.tv_usec)/1000; - printf("2048 bit decrypt time: %dms\n", diff/max_biggie); - TTY_FLUSH(); - bi_export(ctx, bi_res, compare, 256); - RSA_free(rsa_ctx); - free(buf); - if (memcmp(plaintext, compare, 256) != 0) - goto end; - - /** - * 4096 bit key - */ - plaintext = /* 512 byte number */ - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" - "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"; - - len = get_file("../ssl/test/axTLS.key_4096", &buf); - asn1_get_private_key(buf, len, &rsa_ctx); - ctx = rsa_ctx->bi_ctx; - bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext)); - gettimeofday(&tv_old, NULL); - bi_res = RSA_public(rsa_ctx, bi_data); - gettimeofday(&tv_new, NULL); - diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 + - (tv_new.tv_usec-tv_old.tv_usec)/1000; - printf("4096 bit encrypt time: %dms\n", diff); - TTY_FLUSH(); - bi_data = bi_res; /* reuse again */ - - gettimeofday(&tv_old, NULL); - for (i = 0; i < max_biggie; i++) - { - bi_res = RSA_private(rsa_ctx, bi_copy(bi_data)); - if (i < max_biggie-1) - { - bi_free(ctx, bi_res); - } - } - - gettimeofday(&tv_new, NULL); - bi_free(ctx, bi_data); - - diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 + - (tv_new.tv_usec-tv_old.tv_usec)/1000; - printf("4096 bit decrypt time: %dms\n", diff/max_biggie); - TTY_FLUSH(); - bi_export(ctx, bi_res, compare, 512); - RSA_free(rsa_ctx); - free(buf); - if (memcmp(plaintext, compare, 512) != 0) - goto end; - - /* done */ - printf("Bigint performance testing complete\n"); - res = 0; - -end: - return res; -#else - return 0; -#endif -} diff --git a/libs/nixio/axTLS/ssl/test/socgen.cer b/libs/nixio/axTLS/ssl/test/socgen.cer Binary files differdeleted file mode 100755 index a4278705b..000000000 --- a/libs/nixio/axTLS/ssl/test/socgen.cer +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/ssltest.c b/libs/nixio/axTLS/ssl/test/ssltest.c deleted file mode 100644 index d525e1a68..000000000 --- a/libs/nixio/axTLS/ssl/test/ssltest.c +++ /dev/null @@ -1,1983 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * The testing of the crypto and ssl stuff goes here. Keeps the individual code - * modules from being uncluttered with test code. - * - * This is test code - I make no apologies for the quality! - */ - -#include <stdio.h> -#include <stdlib.h> -#include <signal.h> -#include <string.h> -#include <errno.h> -#include <sys/stat.h> -#include <fcntl.h> - -#ifndef WIN32 -#include <pthread.h> -#endif - -#include "ssl.h" - -#define DEFAULT_CERT "../ssl/test/axTLS.x509_512.cer" -#define DEFAULT_KEY "../ssl/test/axTLS.key_512" -//#define DEFAULT_SVR_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES -#define DEFAULT_SVR_OPTION 0 -#define DEFAULT_CLNT_OPTION 0 -//#define DEFAULT_CLNT_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES - -static int g_port = 19001; - -/************************************************************************** - * AES tests - * - * Run through a couple of the RFC3602 tests to verify that AES is correct. - **************************************************************************/ -#define TEST1_SIZE 16 -#define TEST2_SIZE 32 - -static int AES_test(BI_CTX *bi_ctx) -{ - AES_CTX aes_key; - int res = 1; - uint8_t key[TEST1_SIZE]; - uint8_t iv[TEST1_SIZE]; - - { - /* - Case #1: Encrypting 16 bytes (1 block) using AES-CBC - Key : 0x06a9214036b8a15b512e03d534120006 - IV : 0x3dafba429d9eb430b422da802c9fac41 - Plaintext : "Single block msg" - Ciphertext: 0xe353779c1079aeb82708942dbe77181a - - */ - char *in_str = "Single block msg"; - uint8_t ct[TEST1_SIZE]; - uint8_t enc_data[TEST1_SIZE]; - uint8_t dec_data[TEST1_SIZE]; - - bigint *key_bi = bi_str_import( - bi_ctx, "06A9214036B8A15B512E03D534120006"); - bigint *iv_bi = bi_str_import( - bi_ctx, "3DAFBA429D9EB430B422DA802C9FAC41"); - bigint *ct_bi = bi_str_import( - bi_ctx, "E353779C1079AEB82708942DBE77181A"); - bi_export(bi_ctx, key_bi, key, TEST1_SIZE); - bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE); - bi_export(bi_ctx, ct_bi, ct, TEST1_SIZE); - - AES_set_key(&aes_key, key, iv, AES_MODE_128); - AES_cbc_encrypt(&aes_key, (const uint8_t *)in_str, - enc_data, sizeof(enc_data)); - if (memcmp(enc_data, ct, sizeof(ct))) - { - printf("Error: AES ENCRYPT #1 failed\n"); - goto end; - } - - AES_set_key(&aes_key, key, iv, AES_MODE_128); - AES_convert_key(&aes_key); - AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data)); - - if (memcmp(dec_data, in_str, sizeof(dec_data))) - { - printf("Error: AES DECRYPT #1 failed\n"); - goto end; - } - } - - { - /* - Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC - Key : 0xc286696d887c9aa0611bbb3e2025a45a - IV : 0x562e17996d093d28ddb3ba695a2e6f58 - Plaintext : 0x000102030405060708090a0b0c0d0e0f - 101112131415161718191a1b1c1d1e1f - Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a - 7586602d253cfff91b8266bea6d61ab1 - */ - uint8_t in_data[TEST2_SIZE]; - uint8_t ct[TEST2_SIZE]; - uint8_t enc_data[TEST2_SIZE]; - uint8_t dec_data[TEST2_SIZE]; - - bigint *in_bi = bi_str_import(bi_ctx, - "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"); - bigint *key_bi = bi_str_import( - bi_ctx, "C286696D887C9AA0611BBB3E2025A45A"); - bigint *iv_bi = bi_str_import( - bi_ctx, "562E17996D093D28DDB3BA695A2E6F58"); - bigint *ct_bi = bi_str_import(bi_ctx, - "D296CD94C2CCCF8A3A863028B5E1DC0A7586602D253CFFF91B8266BEA6D61AB1"); - bi_export(bi_ctx, in_bi, in_data, TEST2_SIZE); - bi_export(bi_ctx, key_bi, key, TEST1_SIZE); - bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE); - bi_export(bi_ctx, ct_bi, ct, TEST2_SIZE); - - AES_set_key(&aes_key, key, iv, AES_MODE_128); - AES_cbc_encrypt(&aes_key, (const uint8_t *)in_data, - enc_data, sizeof(enc_data)); - - if (memcmp(enc_data, ct, sizeof(ct))) - { - printf("Error: ENCRYPT #2 failed\n"); - goto end; - } - - AES_set_key(&aes_key, key, iv, AES_MODE_128); - AES_convert_key(&aes_key); - AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data)); - if (memcmp(dec_data, in_data, sizeof(dec_data))) - { - printf("Error: DECRYPT #2 failed\n"); - goto end; - } - } - - res = 0; - printf("All AES tests passed\n"); - -end: - return res; -} - -/************************************************************************** - * RC4 tests - * - * ARC4 tests vectors from OpenSSL (crypto/rc4/rc4test.c) - **************************************************************************/ -static const uint8_t keys[7][30]= -{ - {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, - {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, - {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {4,0xef,0x01,0x23,0x45}, - {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, - {4,0xef,0x01,0x23,0x45}, -}; - -static const uint8_t data_len[7]={8,8,8,20,28,10}; -static uint8_t data[7][30]= -{ - {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0xff}, - {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0, - 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0, - 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0, - 0x12,0x34,0x56,0x78,0xff}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff}, - {0}, -}; - -static const uint8_t output[7][30]= -{ - {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00}, - {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00}, - {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00}, - {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf, - 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba, - 0x36,0xb6,0x78,0x58,0x00}, - {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89, - 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c, - 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87, - 0x40,0x01,0x1e,0xcf,0x00}, - {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00}, - {0}, -}; - -static int RC4_test(BI_CTX *bi_ctx) -{ - int i, res = 1; - RC4_CTX s; - - for (i = 0; i < 6; i++) - { - RC4_setup(&s, &keys[i][1], keys[i][0]); - RC4_crypt(&s, data[i], data[i], data_len[i]); - - if (memcmp(data[i], output[i], data_len[i])) - { - printf("Error: RC4 CRYPT #%d failed\n", i); - goto end; - } - } - - res = 0; - printf("All RC4 tests passed\n"); - -end: - return res; -} - -/************************************************************************** - * SHA1 tests - * - * Run through a couple of the RFC3174 tests to verify that SHA1 is correct. - **************************************************************************/ -static int SHA1_test(BI_CTX *bi_ctx) -{ - SHA1_CTX ctx; - uint8_t ct[SHA1_SIZE]; - uint8_t digest[SHA1_SIZE]; - int res = 1; - - { - const char *in_str = "abc"; - bigint *ct_bi = bi_str_import(bi_ctx, - "A9993E364706816ABA3E25717850C26C9CD0D89D"); - bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE); - - SHA1_Init(&ctx); - SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); - SHA1_Final(digest, &ctx); - - if (memcmp(digest, ct, sizeof(ct))) - { - printf("Error: SHA1 #1 failed\n"); - goto end; - } - } - - { - const char *in_str = - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - bigint *ct_bi = bi_str_import(bi_ctx, - "84983E441C3BD26EBAAE4AA1F95129E5E54670F1"); - bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE); - - SHA1_Init(&ctx); - SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); - SHA1_Final(digest, &ctx); - - if (memcmp(digest, ct, sizeof(ct))) - { - printf("Error: SHA1 #2 failed\n"); - goto end; - } - } - - res = 0; - printf("All SHA1 tests passed\n"); - -end: - return res; -} - -/************************************************************************** - * MD5 tests - * - * Run through a couple of the RFC1321 tests to verify that MD5 is correct. - **************************************************************************/ -static int MD5_test(BI_CTX *bi_ctx) -{ - MD5_CTX ctx; - uint8_t ct[MD5_SIZE]; - uint8_t digest[MD5_SIZE]; - int res = 1; - - { - const char *in_str = "abc"; - bigint *ct_bi = bi_str_import(bi_ctx, - "900150983CD24FB0D6963F7D28E17F72"); - bi_export(bi_ctx, ct_bi, ct, MD5_SIZE); - - MD5_Init(&ctx); - MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); - MD5_Final(digest, &ctx); - - if (memcmp(digest, ct, sizeof(ct))) - { - printf("Error: MD5 #1 failed\n"); - goto end; - } - } - - { - const char *in_str = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; - bigint *ct_bi = bi_str_import( - bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F"); - bi_export(bi_ctx, ct_bi, ct, MD5_SIZE); - - MD5_Init(&ctx); - MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); - MD5_Final(digest, &ctx); - - if (memcmp(digest, ct, sizeof(ct))) - { - printf("Error: MD5 #2 failed\n"); - goto end; - } - } - res = 0; - printf("All MD5 tests passed\n"); - -end: - return res; -} - -/************************************************************************** - * HMAC tests - * - * Run through a couple of the RFC2202 tests to verify that HMAC is correct. - **************************************************************************/ -static int HMAC_test(BI_CTX *bi_ctx) -{ - uint8_t key[SHA1_SIZE]; - uint8_t ct[SHA1_SIZE]; - uint8_t dgst[SHA1_SIZE]; - int res = 1; - const char *key_str; - - const char *data_str = "Hi There"; - bigint *key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B"); - bigint *ct_bi = bi_str_import(bi_ctx, "9294727A3638BB1C13F48EF8158BFC9D"); - bi_export(bi_ctx, key_bi, key, MD5_SIZE); - bi_export(bi_ctx, ct_bi, ct, MD5_SIZE); - hmac_md5((const uint8_t *)data_str, 8, key, MD5_SIZE, dgst); - if (memcmp(dgst, ct, MD5_SIZE)) - { - printf("HMAC MD5 #1 failed\n"); - goto end; - } - - data_str = "what do ya want for nothing?"; - key_str = "Jefe"; - ct_bi = bi_str_import(bi_ctx, "750C783E6AB0B503EAA86E310A5DB738"); - bi_export(bi_ctx, ct_bi, ct, MD5_SIZE); - hmac_md5((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst); - if (memcmp(dgst, ct, MD5_SIZE)) - { - printf("HMAC MD5 #2 failed\n"); - goto end; - } - - data_str = "Hi There"; - key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B"); - bi_export(bi_ctx, key_bi, key, SHA1_SIZE); - ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00"); - bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE); - - hmac_sha1((const uint8_t *)data_str, 8, - (const uint8_t *)key, SHA1_SIZE, dgst); - if (memcmp(dgst, ct, SHA1_SIZE)) - { - printf("HMAC SHA1 #1 failed\n"); - goto end; - } - - data_str = "what do ya want for nothing?"; - key_str = "Jefe"; - ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79"); - bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE); - - hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 5, dgst); - if (memcmp(dgst, ct, SHA1_SIZE)) - { - printf("HMAC SHA1 failed\n"); - exit(1); - } - - res = 0; - printf("All HMAC tests passed\n"); - -end: - return res; -} - -/************************************************************************** - * BIGINT tests - * - **************************************************************************/ -static int BIGINT_test(BI_CTX *ctx) -{ - int res = 1; - bigint *bi_data, *bi_exp, *bi_res; - const char *expnt, *plaintext, *mod; - uint8_t compare[MAX_KEY_BYTE_SIZE]; - - /** - * 512 bit key - */ - plaintext = /* 64 byte number */ - "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee"; - - mod = "C30773C8ABE09FCC279EE0E5343370DE" - "8B2FFDB6059271E3005A7CEEF0D35E0A" - "1F9915D95E63560836CC2EB2C289270D" - "BCAE8CAF6F5E907FC2759EE220071E1B"; - - expnt = "A1E556CD1738E10DF539E35101334E97" - "BE8D391C57A5C89A7AD9A2EA2ACA1B3D" - "F3140F5091CC535CBAA47CEC4159EE1F" - "B6A3661AFF1AB758426EAB158452A9B9"; - - bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext)); - bi_exp = int_to_bi(ctx, 0x10001); - bi_set_mod(ctx, bi_str_import(ctx, mod), 0); - bi_res = bi_mod_power(ctx, bi_data, bi_exp); - - bi_data = bi_res; /* resuse again - see if we get the original */ - - bi_exp = bi_str_import(ctx, expnt); - bi_res = bi_mod_power(ctx, bi_data, bi_exp); - bi_free_mod(ctx, 0); - - bi_export(ctx, bi_res, compare, 64); - if (memcmp(plaintext, compare, 64) != 0) - goto end; - - printf("All BIGINT tests passed\n"); - res = 0; - -end: - return res; -} - -/************************************************************************** - * RSA tests - * - * Use the results from openssl to verify PKCS1 etc - **************************************************************************/ -static int RSA_test(void) -{ - int res = 1; - const char *plaintext = /* 128 byte hex number */ - "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2" - "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012"; - uint8_t enc_data[128], dec_data[128]; - RSA_CTX *rsa_ctx = NULL; - BI_CTX *bi_ctx; - bigint *plaintext_bi; - bigint *enc_data_bi, *dec_data_bi; - uint8_t enc_data2[128], dec_data2[128]; - int size; - int len; - uint8_t *buf; - - /* extract the private key elements */ - len = get_file("../ssl/test/axTLS.key_1024", &buf); - if (asn1_get_private_key(buf, len, &rsa_ctx) < 0) - { - goto end; - } - - free(buf); - bi_ctx = rsa_ctx->bi_ctx; - plaintext_bi = bi_import(bi_ctx, - (const uint8_t *)plaintext, strlen(plaintext)); - - /* basic rsa encrypt */ - enc_data_bi = RSA_public(rsa_ctx, plaintext_bi); - bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data)); - - /* basic rsa decrypt */ - dec_data_bi = RSA_private(rsa_ctx, enc_data_bi); - bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data)); - - if (memcmp(dec_data, plaintext, strlen(plaintext))) - { - printf("Error: DECRYPT #1 failed\n"); - goto end; - } - - RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0); - size = RSA_decrypt(rsa_ctx, enc_data2, dec_data2, 1); - if (memcmp("abc", dec_data2, 3)) - { - printf("Error: ENCRYPT/DECRYPT #2 failed\n"); - goto end; - } - - RSA_free(rsa_ctx); - res = 0; - printf("All RSA tests passed\n"); - -end: - return res; -} - -/************************************************************************** - * Cert Testing - * - **************************************************************************/ -static int cert_tests(void) -{ - int res = -1, len; - X509_CTX *x509_ctx; - SSL_CTX *ssl_ctx; - uint8_t *buf; - - /* check a bunch of 3rd party certificates */ - ssl_ctx = ssl_ctx_new(0, 0); - len = get_file("../ssl/test/microsoft.x509_ca", &buf); - if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0) - { - printf("Cert #1\n"); - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - free(buf); - - ssl_ctx = ssl_ctx_new(0, 0); - len = get_file("../ssl/test/thawte.x509_ca", &buf); - if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0) - { - printf("Cert #2\n"); - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - free(buf); - - ssl_ctx = ssl_ctx_new(0, 0); - len = get_file("../ssl/test/deutsche_telecom.x509_ca", &buf); - if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0) - { - printf("Cert #3\n"); - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - free(buf); - - ssl_ctx = ssl_ctx_new(0, 0); - len = get_file("../ssl/test/equifax.x509_ca", &buf); - if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0) - { - printf("Cert #4\n"); - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - free(buf); - - ssl_ctx = ssl_ctx_new(0, 0); - len = get_file("../ssl/test/gnutls.cer", &buf); - if ((res = add_cert(ssl_ctx, buf, len)) < 0) - { - printf("Cert #5\n"); - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - free(buf); - - ssl_ctx = ssl_ctx_new(0, 0); - len = get_file("../ssl/test/socgen.cer", &buf); - if ((res = add_cert(ssl_ctx, buf, len)) < 0) - { - printf("Cert #6\n"); - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - free(buf); - - ssl_ctx = ssl_ctx_new(0, 0); - len = get_file("../ssl/test/verisign.x509_ca", &buf); - if ((res = add_cert_auth(ssl_ctx, buf, len)) <0) - { - printf("Cert #7\n"); - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - free(buf); - - if (get_file("../ssl/test/verisign.x509_my_cert", &buf) < 0 || - x509_new(buf, &len, &x509_ctx)) - { - printf("Cert #8\n"); - ssl_display_error(res); - goto bad_cert; - } - - x509_free(x509_ctx); - free(buf); - - ssl_ctx = ssl_ctx_new(0, 0); - if ((res = ssl_obj_load(ssl_ctx, - SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK) - { - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - res = 0; /* all ok */ - printf("All Certificate tests passed\n"); - -bad_cert: - if (res) - printf("Error: A certificate test failed\n"); - return res; -} - -/** - * init a server socket. - */ -static int server_socket_init(int *port) -{ - struct sockaddr_in serv_addr; - int server_fd; - char yes = 1; - - /* Create socket for incoming connections */ - if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) - { - return -1; - } - - setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)); - -go_again: - /* Construct local address structure */ - memset(&serv_addr, 0, sizeof(serv_addr)); /* Zero out structure */ - serv_addr.sin_family = AF_INET; /* Internet address family */ - serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */ - serv_addr.sin_port = htons(*port); /* Local port */ - - /* Bind to the local address */ - if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) - { - (*port)++; - goto go_again; - } - /* Mark the socket so it will listen for incoming connections */ - if (listen(server_fd, 3000) < 0) - { - return -1; - } - - return server_fd; -} - -/** - * init a client socket. - */ -static int client_socket_init(uint16_t port) -{ - struct sockaddr_in address; - int client_fd; - - address.sin_family = AF_INET; - address.sin_port = htons(port); - address.sin_addr.s_addr = inet_addr("127.0.0.1"); - client_fd = socket(AF_INET, SOCK_STREAM, 0); - if (connect(client_fd, (struct sockaddr *)&address, sizeof(address)) < 0) - { - perror("socket"); - SOCKET_CLOSE(client_fd); - client_fd = -1; - } - - return client_fd; -} - -/************************************************************************** - * SSL Server Testing - * - **************************************************************************/ -typedef struct -{ - /* not used as yet */ - int dummy; -} SVR_CTX; - -typedef struct -{ - const char *testname; - const char *openssl_option; -} client_t; - -static void do_client(client_t *clnt) -{ - char openssl_buf[2048]; - - /* make sure the main thread goes first */ - sleep(0); - - /* show the session ids in the reconnect test */ - if (strcmp(clnt->testname, "Session Reuse") == 0) - { - sprintf(openssl_buf, "echo \"hello client\" | openssl s_client " - "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"", - g_port, clnt->openssl_option); - } - else - { - sprintf(openssl_buf, "echo \"hello client\" | openssl s_client " -#ifdef WIN32 - "-connect localhost:%d -quiet %s", -#else - "-connect localhost:%d -quiet %s > /dev/null 2>&1", -#endif - g_port, clnt->openssl_option); - } - - system(openssl_buf); -} - -static int SSL_server_test( - const char *testname, - const char *openssl_option, - const char *device_cert, - const char *product_cert, - const char *private_key, - const char *ca_cert, - const char *password, - int axtls_option) -{ - int server_fd, ret = 0; - SSL_CTX *ssl_ctx = NULL; - struct sockaddr_in client_addr; - uint8_t *read_buf; - socklen_t clnt_len = sizeof(client_addr); - client_t client_data; -#ifndef WIN32 - pthread_t thread; -#endif - g_port++; - - client_data.testname = testname; - client_data.openssl_option = openssl_option; - - if ((server_fd = server_socket_init(&g_port)) < 0) - goto error; - - if (private_key) - { - axtls_option |= SSL_NO_DEFAULT_KEY; - } - - if ((ssl_ctx = ssl_ctx_new(axtls_option, SSL_DEFAULT_SVR_SESS)) == NULL) - { - ret = SSL_ERROR_INVALID_KEY; - goto error; - } - - if (private_key) - { - int obj_type = SSL_OBJ_RSA_KEY; - - if (strstr(private_key, ".p8")) - obj_type = SSL_OBJ_PKCS8; - else if (strstr(private_key, ".p12")) - obj_type = SSL_OBJ_PKCS12; - - if (ssl_obj_load(ssl_ctx, obj_type, private_key, password)) - { - ret = SSL_ERROR_INVALID_KEY; - goto error; - } - } - - if (device_cert) /* test chaining */ - { - if ((ret = ssl_obj_load(ssl_ctx, - SSL_OBJ_X509_CERT, device_cert, NULL)) != SSL_OK) - goto error; - } - - if (product_cert) /* test chaining */ - { - if ((ret = ssl_obj_load(ssl_ctx, - SSL_OBJ_X509_CERT, product_cert, NULL)) != SSL_OK) - goto error; - } - - if (ca_cert) /* test adding certificate authorities */ - { - if ((ret = ssl_obj_load(ssl_ctx, - SSL_OBJ_X509_CACERT, ca_cert, NULL)) != SSL_OK) - goto error; - } - -#ifndef WIN32 - pthread_create(&thread, NULL, - (void *(*)(void *))do_client, (void *)&client_data); - pthread_detach(thread); -#else - CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_client, - (LPVOID)&client_data, 0, NULL); -#endif - - for (;;) - { - int client_fd, size = 0; - SSL *ssl; - - /* Wait for a client to connect */ - if ((client_fd = accept(server_fd, - (struct sockaddr *)&client_addr, &clnt_len)) < 0) - { - ret = SSL_ERROR_SOCK_SETUP_FAILURE; - goto error; - } - - /* we are ready to go */ - ssl = ssl_server_new(ssl_ctx, client_fd); - while ((size = ssl_read(ssl, &read_buf)) == SSL_OK); - SOCKET_CLOSE(client_fd); - - if (size < SSL_OK) /* got some alert or something nasty */ - { - ret = size; - - if (ret == SSL_ERROR_CONN_LOST) - { - ret = SSL_OK; - continue; - } - - break; /* we've got a problem */ - } - else /* looks more promising */ - { - if (strstr("hello client", (char *)read_buf) == NULL) - { - printf("SSL server test \"%s\" passed\n", testname); - TTY_FLUSH(); - ret = 0; - break; - } - } - - ssl_free(ssl); - } - - SOCKET_CLOSE(server_fd); - -error: - ssl_ctx_free(ssl_ctx); - return ret; -} - -int SSL_server_tests(void) -{ - int ret = -1; - struct stat stat_buf; - SVR_CTX svr_test_ctx; - memset(&svr_test_ctx, 0, sizeof(SVR_CTX)); - - printf("### starting server tests\n"); TTY_FLUSH(); - - /* Go through the algorithms */ - - /* - * TLS1 client hello - */ - if ((ret = SSL_server_test("TLSv1", "-cipher RC4-SHA -tls1", - NULL, NULL, NULL, NULL, NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * AES128-SHA - */ - if ((ret = SSL_server_test("AES256-SHA", "-cipher AES128-SHA", - DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL, - DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * AES256-SHA - */ - if ((ret = SSL_server_test("AES256-SHA", "-cipher AES128-SHA", - DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL, - DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * RC4-SHA - */ - if ((ret = SSL_server_test("RC4-SHA", "-cipher RC4-SHA", - DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL, - DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * RC4-MD5 - */ - if ((ret = SSL_server_test("RC4-MD5", "-cipher RC4-MD5", - DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL, - DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * Session Reuse - * all the session id's should match for session resumption. - */ - if ((ret = SSL_server_test("Session Reuse", - "-cipher RC4-SHA -reconnect", - DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL, - DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * 512 bit RSA key - */ - if ((ret = SSL_server_test("512 bit key", "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_512.cer", NULL, - "../ssl/test/axTLS.key_512", - NULL, NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * 1024 bit RSA key (check certificate chaining) - */ - if ((ret = SSL_server_test("1024 bit key", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_device.cer", - "../ssl/test/axTLS.x509_512.cer", - "../ssl/test/axTLS.device_key", - NULL, NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * 2048 bit RSA key - */ - if ((ret = SSL_server_test("2048 bit key", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_2048.cer", NULL, - "../ssl/test/axTLS.key_2048", - NULL, NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * 4096 bit RSA key - */ - if ((ret = SSL_server_test("4096 bit key", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_4096.cer", NULL, - "../ssl/test/axTLS.key_4096", - NULL, NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * Client Verification - */ - if ((ret = SSL_server_test("Client Verification", - "-cipher RC4-SHA -tls1 " - "-cert ../ssl/test/axTLS.x509_2048.pem " - "-key ../ssl/test/axTLS.key_2048.pem ", - NULL, NULL, NULL, - "../ssl/test/axTLS.ca_x509.cer", NULL, - DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION))) - goto cleanup; - - /* this test should fail */ - if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0) - { - if ((ret = SSL_server_test("Error: Bad Before Cert", - "-cipher RC4-SHA -tls1 " - "-cert ../ssl/test/axTLS.x509_bad_before.pem " - "-key ../ssl/test/axTLS.key_512.pem ", - NULL, NULL, NULL, - "../ssl/test/axTLS.ca_x509.cer", NULL, - DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) != - SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID)) - goto cleanup; - - printf("SSL server test \"%s\" passed\n", "Bad Before Cert"); - TTY_FLUSH(); - ret = 0; /* is ok */ - } - - /* this test should fail */ - if ((ret = SSL_server_test("Error: Bad After Cert", - "-cipher RC4-SHA -tls1 " - "-cert ../ssl/test/axTLS.x509_bad_after.pem " - "-key ../ssl/test/axTLS.key_512.pem ", - NULL, NULL, NULL, - "../ssl/test/axTLS.ca_x509.cer", NULL, - DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) != - SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED)) - goto cleanup; - - printf("SSL server test \"%s\" passed\n", "Bad After Cert"); - TTY_FLUSH(); - - /* - * No trusted cert - */ - if ((ret = SSL_server_test("Error: No trusted certificate", - "-cipher RC4-SHA -tls1 " - "-cert ../ssl/test/axTLS.x509_512.pem " - "-key ../ssl/test/axTLS.key_512.pem ", - NULL, NULL, NULL, - NULL, NULL, - DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) != - SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT)) - goto cleanup; - - printf("SSL server test \"%s\" passed\n", "No trusted certificate"); - TTY_FLUSH(); - - /* - * Self-signed (from the server) - */ - if ((ret = SSL_server_test("Error: Self-signed certificate (from server)", - "-cipher RC4-SHA -tls1 " - "-cert ../ssl/test/axTLS.x509_512.pem " - "-key ../ssl/test/axTLS.key_512.pem " - "-CAfile ../ssl/test/axTLS.ca_x509.pem ", - NULL, NULL, NULL, - NULL, NULL, - DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) != - SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED)) - goto cleanup; - - printf("SSL server test \"%s\" passed\n", - "Self-signed certificate (from server)"); - TTY_FLUSH(); - - /* - * Self-signed (from the client) - */ - if ((ret = SSL_server_test("Self-signed certificate (from client)", - "-cipher RC4-SHA -tls1 " - "-cert ../ssl/test/axTLS.x509_512.pem " - "-key ../ssl/test/axTLS.key_512.pem ", - NULL, NULL, NULL, - "../ssl/test/axTLS.ca_x509.cer", - NULL, - DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION))) - goto cleanup; - - /* - * Key in PEM format - */ - if ((ret = SSL_server_test("Key in PEM format", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_512.cer", NULL, - "../ssl/test/axTLS.key_512.pem", NULL, - NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * Cert in PEM format - */ - if ((ret = SSL_server_test("Cert in PEM format", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_512.pem", NULL, - "../ssl/test/axTLS.key_512.pem", NULL, - NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * Cert chain in PEM format - */ - if ((ret = SSL_server_test("Cert chain in PEM format", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_device.pem", - NULL, "../ssl/test/axTLS.device_key.pem", - "../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * AES128 Encrypted key - */ - if ((ret = SSL_server_test("AES128 encrypted key", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_aes128.pem", NULL, - "../ssl/test/axTLS.key_aes128.pem", - NULL, "abcd", DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * AES256 Encrypted key - */ - if ((ret = SSL_server_test("AES256 encrypted key", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_aes256.pem", NULL, - "../ssl/test/axTLS.key_aes256.pem", - NULL, "abcd", DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * AES128 Encrypted invalid key - */ - if ((ret = SSL_server_test("AES128 encrypted invalid key", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_aes128.pem", NULL, - "../ssl/test/axTLS.key_aes128.pem", - NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY) - goto cleanup; - - printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key"); - TTY_FLUSH(); - - /* - * PKCS#8 key (encrypted) - */ - if ((ret = SSL_server_test("pkcs#8 encrypted", "-cipher RC4-SHA", - DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", - NULL, "abcd", DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * PKCS#8 key (unencrypted) - */ - if ((ret = SSL_server_test("pkcs#8 unencrypted", "-cipher RC4-SHA", - DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", - NULL, NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * PKCS#12 key/certificate - */ - if ((ret = SSL_server_test("pkcs#12 with CA", "-cipher RC4-SHA", - NULL, NULL, "../ssl/test/axTLS.withCA.p12", - NULL, "abcd", DEFAULT_SVR_OPTION))) - goto cleanup; - - if ((ret = SSL_server_test("pkcs#12 no CA", "-cipher RC4-SHA", - DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12", - NULL, "abcd", DEFAULT_SVR_OPTION))) - goto cleanup; - - ret = 0; - -cleanup: - if (ret) - { - printf("Error: A server test failed\n"); - ssl_display_error(ret); - exit(1); - } - else - { - printf("All server tests passed\n"); TTY_FLUSH(); - } - - return ret; -} - -/************************************************************************** - * SSL Client Testing - * - **************************************************************************/ -typedef struct -{ - uint8_t session_id[SSL_SESSION_ID_SIZE]; -#ifndef WIN32 - pthread_t server_thread; -#endif - int start_server; - int stop_server; - int do_reneg; -} CLNT_SESSION_RESUME_CTX; - -typedef struct -{ - const char *testname; - const char *openssl_option; -} server_t; - -static void do_server(server_t *svr) -{ - char openssl_buf[2048]; -#ifndef WIN32 - pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL); -#endif - sprintf(openssl_buf, "openssl s_server -tls1 " - "-accept %d -quiet %s ", g_port, svr->openssl_option); - system(openssl_buf); -} - -static int SSL_client_test( - const char *test, - SSL_CTX **ssl_ctx, - const char *openssl_option, - CLNT_SESSION_RESUME_CTX *sess_resume, - uint32_t client_options, - const char *private_key, - const char *password, - const char *cert) -{ - server_t server_data; - SSL *ssl = NULL; - int client_fd = -1; - uint8_t *session_id = NULL; - int ret = 1; -#ifndef WIN32 - pthread_t thread; -#endif - - if (sess_resume == NULL || sess_resume->start_server) - { - g_port++; - server_data.openssl_option = openssl_option; - -#ifndef WIN32 - pthread_create(&thread, NULL, - (void *(*)(void *))do_server, (void *)&server_data); - pthread_detach(thread); -#else - CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_server, - (LPVOID)&server_data, 0, NULL); -#endif - } - - usleep(200000); /* allow server to start */ - - if (*ssl_ctx == NULL) - { - if (private_key) - { - client_options |= SSL_NO_DEFAULT_KEY; - } - - if ((*ssl_ctx = ssl_ctx_new( - client_options, SSL_DEFAULT_CLNT_SESS)) == NULL) - { - ret = SSL_ERROR_INVALID_KEY; - goto client_test_exit; - } - - if (private_key) - { - int obj_type = SSL_OBJ_RSA_KEY; - - if (strstr(private_key, ".p8")) - obj_type = SSL_OBJ_PKCS8; - else if (strstr(private_key, ".p12")) - obj_type = SSL_OBJ_PKCS12; - - if (ssl_obj_load(*ssl_ctx, obj_type, private_key, password)) - { - ret = SSL_ERROR_INVALID_KEY; - goto client_test_exit; - } - } - - if (cert) - { - if ((ret = ssl_obj_load(*ssl_ctx, - SSL_OBJ_X509_CERT, cert, NULL)) != SSL_OK) - { - printf("could not add cert %s (%d)\n", cert, ret); - TTY_FLUSH(); - goto client_test_exit; - } - } - - if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT, - "../ssl/test/axTLS.ca_x509.cer", NULL)) - { - printf("could not add cert auth\n"); TTY_FLUSH(); - goto client_test_exit; - } - } - - if (sess_resume && !sess_resume->start_server) - { - session_id = sess_resume->session_id; - } - - if ((client_fd = client_socket_init(g_port)) < 0) - { - printf("could not start socket on %d\n", g_port); TTY_FLUSH(); - goto client_test_exit; - } - - ssl = ssl_client_new(*ssl_ctx, client_fd, session_id, sizeof(session_id)); - - /* check the return status */ - if ((ret = ssl_handshake_status(ssl))) - goto client_test_exit; - - /* renegotiate client */ - if (sess_resume && sess_resume->do_reneg) - { - if (ssl_renegotiate(ssl) < 0) - goto client_test_exit; - } - - if (sess_resume) - { - memcpy(sess_resume->session_id, - ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE); - } - - if (IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER) && - (ret = ssl_verify_cert(ssl))) - { - goto client_test_exit; - } - - ssl_write(ssl, (uint8_t *)"hello world\n", 13); - if (sess_resume) - { - const uint8_t *sess_id = ssl_get_session_id(ssl); - int i; - - printf(" Session-ID: "); - for (i = 0; i < SSL_SESSION_ID_SIZE; i++) - { - printf("%02X", sess_id[i]); - } - printf("\n"); - TTY_FLUSH(); - } - - ret = 0; - -client_test_exit: - ssl_free(ssl); - SOCKET_CLOSE(client_fd); - usleep(200000); /* allow openssl to say something */ - - if (sess_resume) - { - if (sess_resume->stop_server) - { - ssl_ctx_free(*ssl_ctx); - *ssl_ctx = NULL; -#ifndef WIN32 - pthread_cancel(sess_resume->server_thread); -#endif - } - else if (sess_resume->start_server) - { -#ifndef WIN32 - sess_resume->server_thread = thread; -#endif - } - } - else - { - ssl_ctx_free(*ssl_ctx); - *ssl_ctx = NULL; -#ifndef WIN32 - pthread_cancel(thread); -#endif - } - - if (ret == 0) - { - printf("SSL client test \"%s\" passed\n", test); - TTY_FLUSH(); - } - - return ret; -} - -int SSL_client_tests(void) -{ - int ret = -1; - SSL_CTX *ssl_ctx = NULL; - CLNT_SESSION_RESUME_CTX sess_resume; - memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX)); - - sess_resume.start_server = 1; - printf("### starting client tests\n"); - - if ((ret = SSL_client_test("512 bit key", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_512.pem " - "-key ../ssl/test/axTLS.key_512.pem", &sess_resume, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - - /* all the session id's should match for session resumption */ - sess_resume.start_server = 0; - if ((ret = SSL_client_test("Client session resumption #1", - &ssl_ctx, NULL, &sess_resume, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - - sess_resume.do_reneg = 1; - if ((ret = SSL_client_test("Client renegotiation", - &ssl_ctx, NULL, &sess_resume, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - sess_resume.do_reneg = 0; - - sess_resume.stop_server = 1; - if ((ret = SSL_client_test("Client session resumption #2", - &ssl_ctx, NULL, &sess_resume, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - - if ((ret = SSL_client_test("1024 bit key", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_1024.pem " - "-key ../ssl/test/axTLS.key_1024.pem", NULL, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - - if ((ret = SSL_client_test("2048 bit key", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_2048.pem " - "-key ../ssl/test/axTLS.key_2048.pem", NULL, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - - if ((ret = SSL_client_test("4096 bit key", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_4096.pem " - "-key ../ssl/test/axTLS.key_4096.pem", NULL, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - - if ((ret = SSL_client_test("Server cert chaining", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_device.pem " - "-key ../ssl/test/axTLS.device_key.pem " - "-CAfile ../ssl/test/axTLS.x509_512.pem ", NULL, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - - /* Check the server can verify the client */ - if ((ret = SSL_client_test("Client peer authentication", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_2048.pem " - "-key ../ssl/test/axTLS.key_2048.pem " - "-CAfile ../ssl/test/axTLS.ca_x509.pem " - "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, - "../ssl/test/axTLS.key_1024", NULL, - "../ssl/test/axTLS.x509_1024.cer"))) - goto cleanup; - - /* Should get an "ERROR" from openssl (as the handshake fails as soon as - * the certificate verification fails) */ - if ((ret = SSL_client_test("Error: Expired cert (verify now)", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_bad_after.pem " - "-key ../ssl/test/axTLS.key_512.pem", NULL, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) != - SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED)) - { - printf("*** Error: %d\n", ret); - goto cleanup; - } - - printf("SSL client test \"Expired cert (verify now)\" passed\n"); - - /* There is no "ERROR" from openssl */ - if ((ret = SSL_client_test("Error: Expired cert (verify later)", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_bad_after.pem " - "-key ../ssl/test/axTLS.key_512.pem", NULL, - DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL, - NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED)) - { - printf("*** Error: %d\n", ret); - goto cleanup; - } - - printf("SSL client test \"Expired cert (verify later)\" passed\n"); - ret = 0; - -cleanup: - if (ret) - { - ssl_display_error(ret); - printf("Error: A client test failed\n"); - exit(1); - } - else - { - printf("All client tests passed\n"); TTY_FLUSH(); - } - - return ret; -} - -/************************************************************************** - * SSL Basic Testing (test a big packet handshake) - * - **************************************************************************/ -static uint8_t basic_buf[256*1024]; - -static void do_basic(void) -{ - int client_fd; - SSL *ssl_clnt; - SSL_CTX *ssl_clnt_ctx = ssl_ctx_new( - DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS); - usleep(200000); /* allow server to start */ - - if ((client_fd = client_socket_init(g_port)) < 0) - goto error; - - if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, - "../ssl/test/axTLS.ca_x509.cer", NULL)) - goto error; - - ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0); - - /* check the return status */ - if (ssl_handshake_status(ssl_clnt) < 0) - { - printf("YA YA\n"); - ssl_display_error(ssl_handshake_status(ssl_clnt)); - goto error; - } - - ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf)); - ssl_free(ssl_clnt); - -error: - ssl_ctx_free(ssl_clnt_ctx); - SOCKET_CLOSE(client_fd); - - /* exit this thread */ -} - -static int SSL_basic_test(void) -{ - int server_fd, client_fd, ret = 0, size = 0, offset = 0; - SSL_CTX *ssl_svr_ctx = NULL; - struct sockaddr_in client_addr; - uint8_t *read_buf; - socklen_t clnt_len = sizeof(client_addr); - SSL *ssl_svr; -#ifndef WIN32 - pthread_t thread; -#endif - memset(basic_buf, 0xA5, sizeof(basic_buf)/2); - memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2); - - if ((server_fd = server_socket_init(&g_port)) < 0) - goto error; - - ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS); - -#ifndef WIN32 - pthread_create(&thread, NULL, - (void *(*)(void *))do_basic, NULL); - pthread_detach(thread); -#else - CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_basic, NULL, 0, NULL); -#endif - - /* Wait for a client to connect */ - if ((client_fd = accept(server_fd, - (struct sockaddr *) &client_addr, &clnt_len)) < 0) - { - ret = SSL_ERROR_SOCK_SETUP_FAILURE; - goto error; - } - - /* we are ready to go */ - ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd); - - do - { - while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK); - - if (size < SSL_OK) /* got some alert or something nasty */ - { - printf("Server "); - ssl_display_error(size); - ret = size; - break; - } - else /* looks more promising */ - { - if (memcmp(read_buf, &basic_buf[offset], size) != 0) - { - ret = SSL_NOT_OK; - break; - } - } - - offset += size; - } while (offset < sizeof(basic_buf)); - - printf(ret == SSL_OK && offset == sizeof(basic_buf) ? - "SSL basic test passed\n" : - "SSL basic test failed\n"); - TTY_FLUSH(); - - ssl_free(ssl_svr); - SOCKET_CLOSE(server_fd); - SOCKET_CLOSE(client_fd); - -error: - ssl_ctx_free(ssl_svr_ctx); - return ret; -} - -#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) -/************************************************************************** - * Multi-Threading Tests - * - **************************************************************************/ -#define NUM_THREADS 100 - -typedef struct -{ - SSL_CTX *ssl_clnt_ctx; - int port; - int thread_id; -} multi_t; - -void do_multi_clnt(multi_t *multi_data) -{ - int res = 1, client_fd, i; - SSL *ssl = NULL; - char tmp[5]; - - if ((client_fd = client_socket_init(multi_data->port)) < 0) - goto client_test_exit; - - sleep(1); - ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0); - - if ((res = ssl_handshake_status(ssl))) - { - printf("Client "); - ssl_display_error(res); - goto client_test_exit; - } - - sprintf(tmp, "%d\n", multi_data->thread_id); - for (i = 0; i < 10; i++) - ssl_write(ssl, (uint8_t *)tmp, strlen(tmp)+1); - -client_test_exit: - ssl_free(ssl); - SOCKET_CLOSE(client_fd); - free(multi_data); -} - -void do_multi_svr(SSL *ssl) -{ - uint8_t *read_buf; - int *res_ptr = malloc(sizeof(int)); - int res; - - for (;;) - { - res = ssl_read(ssl, &read_buf); - - /* kill the client */ - if (res != SSL_OK) - { - if (res == SSL_ERROR_CONN_LOST) - { - SOCKET_CLOSE(ssl->client_fd); - ssl_free(ssl); - break; - } - else if (res > 0) - { - /* do nothing */ - } - else /* some problem */ - { - printf("Server "); - ssl_display_error(res); - goto error; - } - } - } - - res = SSL_OK; -error: - *res_ptr = res; - pthread_exit(res_ptr); -} - -int multi_thread_test(void) -{ - int server_fd = -1; - SSL_CTX *ssl_server_ctx; - SSL_CTX *ssl_clnt_ctx; - pthread_t clnt_threads[NUM_THREADS]; - pthread_t svr_threads[NUM_THREADS]; - int i, res = 0; - struct sockaddr_in client_addr; - socklen_t clnt_len = sizeof(client_addr); - - printf("Do multi-threading test (takes a minute)\n"); - - ssl_server_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS); - ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS); - - if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, - "../ssl/test/axTLS.ca_x509.cer", NULL)) - goto error; - - if ((server_fd = server_socket_init(&g_port)) < 0) - goto error; - - for (i = 0; i < NUM_THREADS; i++) - { - multi_t *multi_data = (multi_t *)malloc(sizeof(multi_t)); - multi_data->ssl_clnt_ctx = ssl_clnt_ctx; - multi_data->port = g_port; - multi_data->thread_id = i+1; - pthread_create(&clnt_threads[i], NULL, - (void *(*)(void *))do_multi_clnt, (void *)multi_data); - pthread_detach(clnt_threads[i]); - } - - for (i = 0; i < NUM_THREADS; i++) - { - SSL *ssl_svr; - int client_fd = accept(server_fd, - (struct sockaddr *)&client_addr, &clnt_len); - - if (client_fd < 0) - goto error; - - ssl_svr = ssl_server_new(ssl_server_ctx, client_fd); - - pthread_create(&svr_threads[i], NULL, - (void *(*)(void *))do_multi_svr, (void *)ssl_svr); - } - - /* make sure we've run all of the threads */ - for (i = 0; i < NUM_THREADS; i++) - { - void *thread_res; - pthread_join(svr_threads[i], &thread_res); - - if (*((int *)thread_res) != 0) - res = 1; - - free(thread_res); - } - - if (res) - goto error; - - printf("Multi-thread test passed (%d)\n", NUM_THREADS); -error: - ssl_ctx_free(ssl_server_ctx); - ssl_ctx_free(ssl_clnt_ctx); - SOCKET_CLOSE(server_fd); - return res; -} -#endif /* !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) */ - -/************************************************************************** - * Header issue - * - **************************************************************************/ -static void do_header_issue(void) -{ - char axtls_buf[2048]; -#ifndef WIN32 - pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL); -#endif - sprintf(axtls_buf, "./axssl s_client -connect localhost:%d", g_port); - system(axtls_buf); -} - -static int header_issue(void) -{ - FILE *f = fopen("../ssl/test/header_issue.dat", "r"); - int server_fd = -1, client_fd = -1, ret = 1; - uint8_t buf[2048]; - int size = 0; - struct sockaddr_in client_addr; - socklen_t clnt_len = sizeof(client_addr); -#ifndef WIN32 - pthread_t thread; -#endif - - if (f == NULL || (server_fd = server_socket_init(&g_port)) < 0) - goto error; - -#ifndef WIN32 - pthread_create(&thread, NULL, - (void *(*)(void *))do_header_issue, NULL); - pthread_detach(thread); -#else - CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_header_issue, - NULL, 0, NULL); -#endif - if ((client_fd = accept(server_fd, - (struct sockaddr *) &client_addr, &clnt_len)) < 0) - { - ret = SSL_ERROR_SOCK_SETUP_FAILURE; - goto error; - } - - size = fread(buf, 1, sizeof(buf), f); - SOCKET_WRITE(client_fd, buf, size); - usleep(200000); - - ret = 0; -error: - fclose(f); - SOCKET_CLOSE(client_fd); - SOCKET_CLOSE(server_fd); - TTY_FLUSH(); - system("killall axssl"); - return ret; -} - -/************************************************************************** - * main() - * - **************************************************************************/ -int main(int argc, char *argv[]) -{ - int ret = 1; - BI_CTX *bi_ctx; - int fd; - -#ifdef WIN32 - WSADATA wsaData; - WORD wVersionRequested = MAKEWORD(2, 2); - WSAStartup(wVersionRequested, &wsaData); - fd = _open("test_result.txt", O_WRONLY|O_TEMPORARY|O_CREAT, _S_IWRITE); - dup2(fd, 2); /* write stderr to this file */ -#else - fd = open("/dev/null", O_WRONLY); /* write stderr to /dev/null */ - signal(SIGPIPE, SIG_IGN); /* ignore pipe errors */ - dup2(fd, 2); -#endif - - /* can't do testing in this mode */ -#if defined CONFIG_SSL_GENERATE_X509_CERT - printf("Error: Must compile with default key/certificates\n"); - exit(1); -#endif - - bi_ctx = bi_initialize(); - - if (AES_test(bi_ctx)) - { - printf("AES tests failed\n"); - goto cleanup; - } - TTY_FLUSH(); - - if (RC4_test(bi_ctx)) - { - printf("RC4 tests failed\n"); - goto cleanup; - } - TTY_FLUSH(); - - if (MD5_test(bi_ctx)) - { - printf("MD5 tests failed\n"); - goto cleanup; - } - TTY_FLUSH(); - - if (SHA1_test(bi_ctx)) - { - printf("SHA1 tests failed\n"); - goto cleanup; - } - TTY_FLUSH(); - - if (HMAC_test(bi_ctx)) - { - printf("HMAC tests failed\n"); - goto cleanup; - } - TTY_FLUSH(); - - if (BIGINT_test(bi_ctx)) - { - printf("BigInt tests failed!\n"); - goto cleanup; - } - TTY_FLUSH(); - - bi_terminate(bi_ctx); - - if (RSA_test()) - { - printf("RSA tests failed\n"); - goto cleanup; - } - TTY_FLUSH(); - - if (cert_tests()) - { - printf("CERT tests failed\n"); - goto cleanup; - } - TTY_FLUSH(); - -#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) - if (multi_thread_test()) - goto cleanup; -#endif - - if (SSL_basic_test()) - goto cleanup; - - system("sh ../ssl/test/killopenssl.sh"); - - if (SSL_client_tests()) - goto cleanup; - - system("sh ../ssl/test/killopenssl.sh"); - - if (SSL_server_tests()) - goto cleanup; - - system("sh ../ssl/test/killopenssl.sh"); - - if (header_issue()) - { - printf("Header tests failed\n"); TTY_FLUSH(); - goto cleanup; - } - - ret = 0; /* all ok */ - printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH(); -cleanup: - - if (ret) - printf("Error: Some tests failed!\n"); - - close(fd); - return ret; -} diff --git a/libs/nixio/axTLS/ssl/test/ssltest.c.bak b/libs/nixio/axTLS/ssl/test/ssltest.c.bak deleted file mode 100644 index ca9637f9a..000000000 --- a/libs/nixio/axTLS/ssl/test/ssltest.c.bak +++ /dev/null @@ -1,1940 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * The testing of the crypto and ssl stuff goes here. Keeps the individual code - * modules from being uncluttered with test code. - * - * This is test code - I make no apologies for the quality! - */ - -#include <stdio.h> -#include <stdlib.h> -#include <signal.h> -#include <string.h> -#include <errno.h> -#include <sys/stat.h> -#include <fcntl.h> - -#ifndef WIN32 -#include <pthread.h> -#endif - -#include "ssl.h" - -#define DEFAULT_CERT "../ssl/test/axTLS.x509_512.cer" -#define DEFAULT_KEY "../ssl/test/axTLS.key_512" -//#define DEFAULT_SVR_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES -#define DEFAULT_SVR_OPTION 0 -#define DEFAULT_CLNT_OPTION 0 -//#define DEFAULT_CLNT_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES - -static int g_port = 19001; - -/************************************************************************** - * AES tests - * - * Run through a couple of the RFC3602 tests to verify that AES is correct. - **************************************************************************/ -#define TEST1_SIZE 16 -#define TEST2_SIZE 32 - -static int AES_test(BI_CTX *bi_ctx) -{ - AES_CTX aes_key; - int res = 1; - uint8_t key[TEST1_SIZE]; - uint8_t iv[TEST1_SIZE]; - - { - /* - Case #1: Encrypting 16 bytes (1 block) using AES-CBC - Key : 0x06a9214036b8a15b512e03d534120006 - IV : 0x3dafba429d9eb430b422da802c9fac41 - Plaintext : "Single block msg" - Ciphertext: 0xe353779c1079aeb82708942dbe77181a - - */ - char *in_str = "Single block msg"; - uint8_t ct[TEST1_SIZE]; - uint8_t enc_data[TEST1_SIZE]; - uint8_t dec_data[TEST1_SIZE]; - - bigint *key_bi = bi_str_import( - bi_ctx, "06A9214036B8A15B512E03D534120006"); - bigint *iv_bi = bi_str_import( - bi_ctx, "3DAFBA429D9EB430B422DA802C9FAC41"); - bigint *ct_bi = bi_str_import( - bi_ctx, "E353779C1079AEB82708942DBE77181A"); - bi_export(bi_ctx, key_bi, key, TEST1_SIZE); - bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE); - bi_export(bi_ctx, ct_bi, ct, TEST1_SIZE); - - AES_set_key(&aes_key, key, iv, AES_MODE_128); - AES_cbc_encrypt(&aes_key, (const uint8_t *)in_str, - enc_data, sizeof(enc_data)); - if (memcmp(enc_data, ct, sizeof(ct))) - { - printf("Error: AES ENCRYPT #1 failed\n"); - goto end; - } - - AES_set_key(&aes_key, key, iv, AES_MODE_128); - AES_convert_key(&aes_key); - AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data)); - - if (memcmp(dec_data, in_str, sizeof(dec_data))) - { - printf("Error: AES DECRYPT #1 failed\n"); - goto end; - } - } - - { - /* - Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC - Key : 0xc286696d887c9aa0611bbb3e2025a45a - IV : 0x562e17996d093d28ddb3ba695a2e6f58 - Plaintext : 0x000102030405060708090a0b0c0d0e0f - 101112131415161718191a1b1c1d1e1f - Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a - 7586602d253cfff91b8266bea6d61ab1 - */ - uint8_t in_data[TEST2_SIZE]; - uint8_t ct[TEST2_SIZE]; - uint8_t enc_data[TEST2_SIZE]; - uint8_t dec_data[TEST2_SIZE]; - - bigint *in_bi = bi_str_import(bi_ctx, - "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"); - bigint *key_bi = bi_str_import( - bi_ctx, "C286696D887C9AA0611BBB3E2025A45A"); - bigint *iv_bi = bi_str_import( - bi_ctx, "562E17996D093D28DDB3BA695A2E6F58"); - bigint *ct_bi = bi_str_import(bi_ctx, - "D296CD94C2CCCF8A3A863028B5E1DC0A7586602D253CFFF91B8266BEA6D61AB1"); - bi_export(bi_ctx, in_bi, in_data, TEST2_SIZE); - bi_export(bi_ctx, key_bi, key, TEST1_SIZE); - bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE); - bi_export(bi_ctx, ct_bi, ct, TEST2_SIZE); - - AES_set_key(&aes_key, key, iv, AES_MODE_128); - AES_cbc_encrypt(&aes_key, (const uint8_t *)in_data, - enc_data, sizeof(enc_data)); - - if (memcmp(enc_data, ct, sizeof(ct))) - { - printf("Error: ENCRYPT #2 failed\n"); - goto end; - } - - AES_set_key(&aes_key, key, iv, AES_MODE_128); - AES_convert_key(&aes_key); - AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data)); - if (memcmp(dec_data, in_data, sizeof(dec_data))) - { - printf("Error: DECRYPT #2 failed\n"); - goto end; - } - } - - res = 0; - printf("All AES tests passed\n"); - -end: - return res; -} - -/************************************************************************** - * RC4 tests - * - * ARC4 tests vectors from OpenSSL (crypto/rc4/rc4test.c) - **************************************************************************/ -static const uint8_t keys[7][30]= -{ - {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, - {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, - {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {4,0xef,0x01,0x23,0x45}, - {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, - {4,0xef,0x01,0x23,0x45}, -}; - -static const uint8_t data_len[7]={8,8,8,20,28,10}; -static uint8_t data[7][30]= -{ - {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0xff}, - {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0, - 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0, - 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0, - 0x12,0x34,0x56,0x78,0xff}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff}, - {0}, -}; - -static const uint8_t output[7][30]= -{ - {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00}, - {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00}, - {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00}, - {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf, - 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba, - 0x36,0xb6,0x78,0x58,0x00}, - {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89, - 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c, - 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87, - 0x40,0x01,0x1e,0xcf,0x00}, - {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00}, - {0}, -}; - -static int RC4_test(BI_CTX *bi_ctx) -{ - int i, res = 1; - RC4_CTX s; - - for (i = 0; i < 6; i++) - { - RC4_setup(&s, &keys[i][1], keys[i][0]); - RC4_crypt(&s, data[i], data[i], data_len[i]); - - if (memcmp(data[i], output[i], data_len[i])) - { - printf("Error: RC4 CRYPT #%d failed\n", i); - goto end; - } - } - - res = 0; - printf("All RC4 tests passed\n"); - -end: - return res; -} - -/************************************************************************** - * SHA1 tests - * - * Run through a couple of the RFC3174 tests to verify that SHA1 is correct. - **************************************************************************/ -static int SHA1_test(BI_CTX *bi_ctx) -{ - SHA1_CTX ctx; - uint8_t ct[SHA1_SIZE]; - uint8_t digest[SHA1_SIZE]; - int res = 1; - - { - const char *in_str = "abc"; - bigint *ct_bi = bi_str_import(bi_ctx, - "A9993E364706816ABA3E25717850C26C9CD0D89D"); - bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE); - - SHA1_Init(&ctx); - SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); - SHA1_Final(digest, &ctx); - - if (memcmp(digest, ct, sizeof(ct))) - { - printf("Error: SHA1 #1 failed\n"); - goto end; - } - } - - { - const char *in_str = - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - bigint *ct_bi = bi_str_import(bi_ctx, - "84983E441C3BD26EBAAE4AA1F95129E5E54670F1"); - bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE); - - SHA1_Init(&ctx); - SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); - SHA1_Final(digest, &ctx); - - if (memcmp(digest, ct, sizeof(ct))) - { - printf("Error: SHA1 #2 failed\n"); - goto end; - } - } - - res = 0; - printf("All SHA1 tests passed\n"); - -end: - return res; -} - -/************************************************************************** - * MD5 tests - * - * Run through a couple of the RFC1321 tests to verify that MD5 is correct. - **************************************************************************/ -static int MD5_test(BI_CTX *bi_ctx) -{ - MD5_CTX ctx; - uint8_t ct[MD5_SIZE]; - uint8_t digest[MD5_SIZE]; - int res = 1; - - { - const char *in_str = "abc"; - bigint *ct_bi = bi_str_import(bi_ctx, - "900150983CD24FB0D6963F7D28E17F72"); - bi_export(bi_ctx, ct_bi, ct, MD5_SIZE); - - MD5_Init(&ctx); - MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); - MD5_Final(digest, &ctx); - - if (memcmp(digest, ct, sizeof(ct))) - { - printf("Error: MD5 #1 failed\n"); - goto end; - } - } - - { - const char *in_str = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; - bigint *ct_bi = bi_str_import( - bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F"); - bi_export(bi_ctx, ct_bi, ct, MD5_SIZE); - - MD5_Init(&ctx); - MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); - MD5_Final(digest, &ctx); - - if (memcmp(digest, ct, sizeof(ct))) - { - printf("Error: MD5 #2 failed\n"); - goto end; - } - } - res = 0; - printf("All MD5 tests passed\n"); - -end: - return res; -} - -/************************************************************************** - * HMAC tests - * - * Run through a couple of the RFC2202 tests to verify that HMAC is correct. - **************************************************************************/ -static int HMAC_test(BI_CTX *bi_ctx) -{ - uint8_t key[SHA1_SIZE]; - uint8_t ct[SHA1_SIZE]; - uint8_t dgst[SHA1_SIZE]; - int res = 1; - const char *key_str; - - const char *data_str = "Hi There"; - bigint *key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B"); - bigint *ct_bi = bi_str_import(bi_ctx, "9294727A3638BB1C13F48EF8158BFC9D"); - bi_export(bi_ctx, key_bi, key, MD5_SIZE); - bi_export(bi_ctx, ct_bi, ct, MD5_SIZE); - hmac_md5((const uint8_t *)data_str, 8, key, MD5_SIZE, dgst); - if (memcmp(dgst, ct, MD5_SIZE)) - { - printf("HMAC MD5 #1 failed\n"); - goto end; - } - - data_str = "what do ya want for nothing?"; - key_str = "Jefe"; - ct_bi = bi_str_import(bi_ctx, "750C783E6AB0B503EAA86E310A5DB738"); - bi_export(bi_ctx, ct_bi, ct, MD5_SIZE); - hmac_md5((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst); - if (memcmp(dgst, ct, MD5_SIZE)) - { - printf("HMAC MD5 #2 failed\n"); - goto end; - } - - data_str = "Hi There"; - key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B"); - bi_export(bi_ctx, key_bi, key, SHA1_SIZE); - ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00"); - bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE); - - hmac_sha1((const uint8_t *)data_str, 8, - (const uint8_t *)key, SHA1_SIZE, dgst); - if (memcmp(dgst, ct, SHA1_SIZE)) - { - printf("HMAC SHA1 #1 failed\n"); - goto end; - } - - data_str = "what do ya want for nothing?"; - key_str = "Jefe"; - ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79"); - bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE); - - hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 5, dgst); - if (memcmp(dgst, ct, SHA1_SIZE)) - { - printf("HMAC SHA1 failed\n"); - exit(1); - } - - res = 0; - printf("All HMAC tests passed\n"); - -end: - return res; -} - -/************************************************************************** - * BIGINT tests - * - **************************************************************************/ -static int BIGINT_test(BI_CTX *ctx) -{ - int res = 1; - bigint *bi_data, *bi_exp, *bi_res; - const char *expnt, *plaintext, *mod; - uint8_t compare[MAX_KEY_BYTE_SIZE]; - - /** - * 512 bit key - */ - plaintext = /* 64 byte number */ - "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee"; - - mod = "C30773C8ABE09FCC279EE0E5343370DE" - "8B2FFDB6059271E3005A7CEEF0D35E0A" - "1F9915D95E63560836CC2EB2C289270D" - "BCAE8CAF6F5E907FC2759EE220071E1B"; - - expnt = "A1E556CD1738E10DF539E35101334E97" - "BE8D391C57A5C89A7AD9A2EA2ACA1B3D" - "F3140F5091CC535CBAA47CEC4159EE1F" - "B6A3661AFF1AB758426EAB158452A9B9"; - - bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext)); - bi_exp = int_to_bi(ctx, 0x10001); - bi_set_mod(ctx, bi_str_import(ctx, mod), 0); - bi_res = bi_mod_power(ctx, bi_data, bi_exp); - - bi_data = bi_res; /* resuse again - see if we get the original */ - - bi_exp = bi_str_import(ctx, expnt); - bi_res = bi_mod_power(ctx, bi_data, bi_exp); - bi_free_mod(ctx, 0); - - bi_export(ctx, bi_res, compare, 64); - if (memcmp(plaintext, compare, 64) != 0) - goto end; - - printf("All BIGINT tests passed\n"); - res = 0; - -end: - return res; -} - -/************************************************************************** - * RSA tests - * - * Use the results from openssl to verify PKCS1 etc - **************************************************************************/ -static int RSA_test(void) -{ - int res = 1; - const char *plaintext = /* 128 byte hex number */ - "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2" - "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012"; - uint8_t enc_data[128], dec_data[128]; - RSA_CTX *rsa_ctx = NULL; - BI_CTX *bi_ctx; - bigint *plaintext_bi; - bigint *enc_data_bi, *dec_data_bi; - uint8_t enc_data2[128], dec_data2[128]; - int size; - int len; - uint8_t *buf; - - /* extract the private key elements */ - len = get_file("../ssl/test/axTLS.key_1024", &buf); - if (asn1_get_private_key(buf, len, &rsa_ctx) < 0) - { - goto end; - } - - free(buf); - bi_ctx = rsa_ctx->bi_ctx; - plaintext_bi = bi_import(bi_ctx, - (const uint8_t *)plaintext, strlen(plaintext)); - - /* basic rsa encrypt */ - enc_data_bi = RSA_public(rsa_ctx, plaintext_bi); - bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data)); - - /* basic rsa decrypt */ - dec_data_bi = RSA_private(rsa_ctx, enc_data_bi); - bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data)); - - if (memcmp(dec_data, plaintext, strlen(plaintext))) - { - printf("Error: DECRYPT #1 failed\n"); - goto end; - } - - RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0); - size = RSA_decrypt(rsa_ctx, enc_data2, dec_data2, 1); - if (memcmp("abc", dec_data2, 3)) - { - printf("Error: ENCRYPT/DECRYPT #2 failed\n"); - goto end; - } - - RSA_free(rsa_ctx); - res = 0; - printf("All RSA tests passed\n"); - -end: - return res; -} - -/************************************************************************** - * Cert Testing - * - **************************************************************************/ -static int cert_tests(void) -{ - int res = -1, len; - X509_CTX *x509_ctx; - SSL_CTX *ssl_ctx; - uint8_t *buf; - - /* check a bunch of 3rd party certificates */ - ssl_ctx = ssl_ctx_new(0, 0); - len = get_file("../ssl/test/microsoft.x509_ca", &buf); - if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0) - { - printf("Cert #1\n"); - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - free(buf); - - ssl_ctx = ssl_ctx_new(0, 0); - len = get_file("../ssl/test/thawte.x509_ca", &buf); - if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0) - { - printf("Cert #2\n"); - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - free(buf); - - ssl_ctx = ssl_ctx_new(0, 0); - len = get_file("../ssl/test/deutsche_telecom.x509_ca", &buf); - if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0) - { - printf("Cert #3\n"); - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - free(buf); - - ssl_ctx = ssl_ctx_new(0, 0); - len = get_file("../ssl/test/equifax.x509_ca", &buf); - if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0) - { - printf("Cert #4\n"); - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - free(buf); - - ssl_ctx = ssl_ctx_new(0, 0); - len = get_file("../ssl/test/gnutls.cer", &buf); - if ((res = add_cert(ssl_ctx, buf, len)) < 0) - { - printf("Cert #5\n"); - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - free(buf); - - ssl_ctx = ssl_ctx_new(0, 0); - len = get_file("../ssl/test/socgen.cer", &buf); - if ((res = add_cert(ssl_ctx, buf, len)) < 0) - { - printf("Cert #6\n"); - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - free(buf); - - ssl_ctx = ssl_ctx_new(0, 0); - len = get_file("../ssl/test/verisign.x509_ca", &buf); - if ((res = add_cert_auth(ssl_ctx, buf, len)) <0) - { - printf("Cert #7\n"); - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - free(buf); - - if (get_file("../ssl/test/verisign.x509_my_cert", &buf) < 0 || - x509_new(buf, &len, &x509_ctx)) - { - printf("Cert #8\n"); - ssl_display_error(res); - goto bad_cert; - } - - x509_free(x509_ctx); - free(buf); - - ssl_ctx = ssl_ctx_new(0, 0); - if ((res = ssl_obj_load(ssl_ctx, - SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK) - { - ssl_display_error(res); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - res = 0; /* all ok */ - printf("All Certificate tests passed\n"); - -bad_cert: - if (res) - printf("Error: A certificate test failed\n"); - return res; -} - -/** - * init a server socket. - */ -static int server_socket_init(int *port) -{ - struct sockaddr_in serv_addr; - int server_fd; - char yes = 1; - - /* Create socket for incoming connections */ - if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) - { - return -1; - } - - setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)); - -go_again: - /* Construct local address structure */ - memset(&serv_addr, 0, sizeof(serv_addr)); /* Zero out structure */ - serv_addr.sin_family = AF_INET; /* Internet address family */ - serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */ - serv_addr.sin_port = htons(*port); /* Local port */ - - /* Bind to the local address */ - if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) - { - (*port)++; - goto go_again; - } - /* Mark the socket so it will listen for incoming connections */ - if (listen(server_fd, 3000) < 0) - { - return -1; - } - - return server_fd; -} - -/** - * init a client socket. - */ -static int client_socket_init(uint16_t port) -{ - struct sockaddr_in address; - int client_fd; - - address.sin_family = AF_INET; - address.sin_port = htons(port); - address.sin_addr.s_addr = inet_addr("127.0.0.1"); - client_fd = socket(AF_INET, SOCK_STREAM, 0); - if (connect(client_fd, (struct sockaddr *)&address, sizeof(address)) < 0) - { - perror("socket"); - SOCKET_CLOSE(client_fd); - client_fd = -1; - } - - return client_fd; -} - -/************************************************************************** - * SSL Server Testing - * - **************************************************************************/ -typedef struct -{ - /* not used as yet */ - int dummy; -} SVR_CTX; - -typedef struct -{ - const char *testname; - const char *openssl_option; -} client_t; - -static void do_client(client_t *clnt) -{ - char openssl_buf[2048]; - - /* make sure the main thread goes first */ - sleep(0); - - /* show the session ids in the reconnect test */ - if (strcmp(clnt->testname, "Session Reuse") == 0) - { - sprintf(openssl_buf, "echo \"hello client\" | openssl s_client " - "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"", - g_port, clnt->openssl_option); - } - else - { - sprintf(openssl_buf, "echo \"hello client\" | openssl s_client " -#ifdef WIN32 - "-connect localhost:%d -quiet %s", -#else - "-connect localhost:%d -quiet %s > /dev/null 2>&1", -#endif - g_port, clnt->openssl_option); - } - - system(openssl_buf); -} - -static int SSL_server_test( - const char *testname, - const char *openssl_option, - const char *device_cert, - const char *product_cert, - const char *private_key, - const char *ca_cert, - const char *password, - int axolotls_option) -{ - int server_fd, ret = 0; - SSL_CTX *ssl_ctx = NULL; - struct sockaddr_in client_addr; - uint8_t *read_buf; - socklen_t clnt_len = sizeof(client_addr); - client_t client_data; -#ifndef WIN32 - pthread_t thread; -#endif - g_port++; - - client_data.testname = testname; - client_data.openssl_option = openssl_option; - - if ((server_fd = server_socket_init(&g_port)) < 0) - goto error; - - if (private_key) - { - axolotls_option |= SSL_NO_DEFAULT_KEY; - } - - if ((ssl_ctx = ssl_ctx_new(axolotls_option, SSL_DEFAULT_SVR_SESS)) == NULL) - { - ret = SSL_ERROR_INVALID_KEY; - goto error; - } - - if (private_key) - { - int obj_type = SSL_OBJ_RSA_KEY; - - if (strstr(private_key, ".p8")) - obj_type = SSL_OBJ_PKCS8; - else if (strstr(private_key, ".p12")) - obj_type = SSL_OBJ_PKCS12; - - if (ssl_obj_load(ssl_ctx, obj_type, private_key, password)) - { - ret = SSL_ERROR_INVALID_KEY; - goto error; - } - } - - if (device_cert) /* test chaining */ - { - if ((ret = ssl_obj_load(ssl_ctx, - SSL_OBJ_X509_CERT, device_cert, NULL)) != SSL_OK) - goto error; - } - - if (product_cert) /* test chaining */ - { - if ((ret = ssl_obj_load(ssl_ctx, - SSL_OBJ_X509_CERT, product_cert, NULL)) != SSL_OK) - goto error; - } - - if (ca_cert) /* test adding certificate authorities */ - { - if ((ret = ssl_obj_load(ssl_ctx, - SSL_OBJ_X509_CACERT, ca_cert, NULL)) != SSL_OK) - goto error; - } - -#ifndef WIN32 - pthread_create(&thread, NULL, - (void *(*)(void *))do_client, (void *)&client_data); - pthread_detach(thread); -#else - CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_client, - (LPVOID)&client_data, 0, NULL); -#endif - - for (;;) - { - int client_fd, size = 0; - SSL *ssl; - - /* Wait for a client to connect */ - if ((client_fd = accept(server_fd, - (struct sockaddr *)&client_addr, &clnt_len)) < 0) - { - ret = SSL_ERROR_SOCK_SETUP_FAILURE; - goto error; - } - - /* we are ready to go */ - ssl = ssl_server_new(ssl_ctx, client_fd); - while ((size = ssl_read(ssl, &read_buf)) == SSL_OK); - SOCKET_CLOSE(client_fd); - - if (size < SSL_OK) /* got some alert or something nasty */ - { - ret = size; - - if (ret == SSL_ERROR_CONN_LOST) - { - ret = SSL_OK; - continue; - } - - break; /* we've got a problem */ - } - else /* looks more promising */ - { - if (strstr("hello client", (char *)read_buf) == NULL) - { - printf("SSL server test \"%s\" passed\n", testname); - TTY_FLUSH(); - ret = 0; - break; - } - } - - ssl_free(ssl); - } - - SOCKET_CLOSE(server_fd); - -error: - ssl_ctx_free(ssl_ctx); - return ret; -} - -int SSL_server_tests(void) -{ - int ret = -1; - struct stat stat_buf; - SVR_CTX svr_test_ctx; - memset(&svr_test_ctx, 0, sizeof(SVR_CTX)); - - printf("### starting server tests\n"); TTY_FLUSH(); - - /* Go through the algorithms */ - - /* - * TLS1 client hello - */ - if ((ret = SSL_server_test("TLSv1", "-cipher RC4-SHA -tls1", - NULL, NULL, NULL, NULL, NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * AES128-SHA - */ - if ((ret = SSL_server_test("AES256-SHA", "-cipher AES128-SHA", - DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL, - DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * AES256-SHA - */ - if ((ret = SSL_server_test("AES256-SHA", "-cipher AES128-SHA", - DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL, - DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * RC4-SHA - */ - if ((ret = SSL_server_test("RC4-SHA", "-cipher RC4-SHA", - DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL, - DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * RC4-MD5 - */ - if ((ret = SSL_server_test("RC4-MD5", "-cipher RC4-MD5", - DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL, - DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * Session Reuse - * all the session id's should match for session resumption. - */ - if ((ret = SSL_server_test("Session Reuse", - "-cipher RC4-SHA -reconnect", - DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL, - DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * 512 bit RSA key - */ - if ((ret = SSL_server_test("512 bit key", "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_512.cer", NULL, - "../ssl/test/axTLS.key_512", - NULL, NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * 1024 bit RSA key (check certificate chaining) - */ - if ((ret = SSL_server_test("1024 bit key", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_device.cer", - "../ssl/test/axTLS.x509_512.cer", - "../ssl/test/axTLS.device_key", - NULL, NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * 2048 bit RSA key - */ - if ((ret = SSL_server_test("2048 bit key", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_2048.cer", NULL, - "../ssl/test/axTLS.key_2048", - NULL, NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * 4096 bit RSA key - */ - if ((ret = SSL_server_test("4096 bit key", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_4096.cer", NULL, - "../ssl/test/axTLS.key_4096", - NULL, NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * Client Verification - */ - if ((ret = SSL_server_test("Client Verification", - "-cipher RC4-SHA -tls1 " - "-cert ../ssl/test/axTLS.x509_2048.pem " - "-key ../ssl/test/axTLS.key_2048.pem ", - NULL, NULL, NULL, - "../ssl/test/axTLS.ca_x509.cer", NULL, - DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION))) - goto cleanup; - - /* this test should fail */ - if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0) - { - if ((ret = SSL_server_test("Bad Before Cert", - "-cipher RC4-SHA -tls1 " - "-cert ../ssl/test/axTLS.x509_bad_before.pem " - "-key ../ssl/test/axTLS.key_512.pem ", - NULL, NULL, NULL, - "../ssl/test/axTLS.ca_x509.cer", NULL, - DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) != - SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID)) - goto cleanup; - - printf("SSL server test \"%s\" passed\n", "Bad Before Cert"); - TTY_FLUSH(); - ret = 0; /* is ok */ - } - - /* this test should fail */ - if ((ret = SSL_server_test("Bad After Cert", - "-cipher RC4-SHA -tls1 " - "-cert ../ssl/test/axTLS.x509_bad_after.pem " - "-key ../ssl/test/axTLS.key_512.pem ", - NULL, NULL, NULL, - "../ssl/test/axTLS.ca_x509.cer", NULL, - DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) != - SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED)) - goto cleanup; - - printf("SSL server test \"%s\" passed\n", "Bad After Cert"); - TTY_FLUSH(); - - /* - * Key in PEM format - */ - if ((ret = SSL_server_test("Key in PEM format", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_512.cer", NULL, - "../ssl/test/axTLS.key_512.pem", NULL, - NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * Cert in PEM format - */ - if ((ret = SSL_server_test("Cert in PEM format", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_512.pem", NULL, - "../ssl/test/axTLS.key_512.pem", NULL, - NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * Cert chain in PEM format - */ - if ((ret = SSL_server_test("Cert chain in PEM format", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_device.pem", - NULL, "../ssl/test/axTLS.device_key.pem", - "../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * AES128 Encrypted key - */ - if ((ret = SSL_server_test("AES128 encrypted key", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_aes128.pem", NULL, - "../ssl/test/axTLS.key_aes128.pem", - NULL, "abcd", DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * AES256 Encrypted key - */ - if ((ret = SSL_server_test("AES256 encrypted key", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_aes256.pem", NULL, - "../ssl/test/axTLS.key_aes256.pem", - NULL, "abcd", DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * AES128 Encrypted invalid key - */ - if ((ret = SSL_server_test("AES128 encrypted invalid key", - "-cipher RC4-SHA", - "../ssl/test/axTLS.x509_aes128.pem", NULL, - "../ssl/test/axTLS.key_aes128.pem", - NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY) - goto cleanup; - - printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key"); - TTY_FLUSH(); - - /* - * PKCS#8 key (encrypted) - */ - if ((ret = SSL_server_test("pkcs#8 encrypted", "-cipher RC4-SHA", - DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", - NULL, "abcd", DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * PKCS#8 key (unencrypted) - */ - if ((ret = SSL_server_test("pkcs#8 unencrypted", "-cipher RC4-SHA", - DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", - NULL, NULL, DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * PKCS#12 key/certificate - */ - if ((ret = SSL_server_test("pkcs#12 with CA", "-cipher RC4-SHA", - NULL, NULL, "../ssl/test/axTLS.withCA.p12", - NULL, "abcd", DEFAULT_SVR_OPTION))) - goto cleanup; - - if ((ret = SSL_server_test("pkcs#12 no CA", "-cipher RC4-SHA", - DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12", - NULL, "abcd", DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * - */ - - ret = 0; - -cleanup: - if (ret) - { - printf("Error: A server test failed\n"); - ssl_display_error(ret); - exit(1); - } - else - { - printf("All server tests passed\n"); TTY_FLUSH(); - } - - return ret; -} - -/************************************************************************** - * SSL Client Testing - * - **************************************************************************/ -typedef struct -{ - uint8_t session_id[SSL_SESSION_ID_SIZE]; -#ifndef WIN32 - pthread_t server_thread; -#endif - int start_server; - int stop_server; - int do_reneg; -} CLNT_SESSION_RESUME_CTX; - -typedef struct -{ - const char *testname; - const char *openssl_option; -} server_t; - -static void do_server(server_t *svr) -{ - char openssl_buf[2048]; -#ifndef WIN32 - pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL); -#endif - sprintf(openssl_buf, "openssl s_server -tls1 " - "-accept %d -quiet %s ", g_port, svr->openssl_option); - system(openssl_buf); -} - -static int SSL_client_test( - const char *test, - SSL_CTX **ssl_ctx, - const char *openssl_option, - CLNT_SESSION_RESUME_CTX *sess_resume, - uint32_t client_options, - const char *private_key, - const char *password, - const char *cert) -{ - server_t server_data; - SSL *ssl = NULL; - int client_fd = -1; - uint8_t *session_id = NULL; - int ret = 1; -#ifndef WIN32 - pthread_t thread; -#endif - - if (sess_resume == NULL || sess_resume->start_server) - { - g_port++; - server_data.openssl_option = openssl_option; - -#ifndef WIN32 - pthread_create(&thread, NULL, - (void *(*)(void *))do_server, (void *)&server_data); - pthread_detach(thread); -#else - CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_server, - (LPVOID)&server_data, 0, NULL); -#endif - } - - usleep(200000); /* allow server to start */ - - if (*ssl_ctx == NULL) - { - if (private_key) - { - client_options |= SSL_NO_DEFAULT_KEY; - } - - if ((*ssl_ctx = ssl_ctx_new( - client_options, SSL_DEFAULT_CLNT_SESS)) == NULL) - { - ret = SSL_ERROR_INVALID_KEY; - goto client_test_exit; - } - - if (private_key) - { - int obj_type = SSL_OBJ_RSA_KEY; - - if (strstr(private_key, ".p8")) - obj_type = SSL_OBJ_PKCS8; - else if (strstr(private_key, ".p12")) - obj_type = SSL_OBJ_PKCS12; - - if (ssl_obj_load(*ssl_ctx, obj_type, private_key, password)) - { - ret = SSL_ERROR_INVALID_KEY; - goto client_test_exit; - } - } - - if (cert) - { - if ((ret = ssl_obj_load(*ssl_ctx, - SSL_OBJ_X509_CERT, cert, NULL)) != SSL_OK) - { - printf("could not add cert %s (%d)\n", cert, ret); - TTY_FLUSH(); - goto client_test_exit; - } - } - - if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT, - "../ssl/test/axTLS.ca_x509.cer", NULL)) - { - printf("could not add cert auth\n"); TTY_FLUSH(); - goto client_test_exit; - } - } - - if (sess_resume && !sess_resume->start_server) - { - session_id = sess_resume->session_id; - } - - if ((client_fd = client_socket_init(g_port)) < 0) - { - printf("could not start socket on %d\n", g_port); TTY_FLUSH(); - goto client_test_exit; - } - - ssl = ssl_client_new(*ssl_ctx, client_fd, session_id, sizeof(session_id)); - - /* check the return status */ - if ((ret = ssl_handshake_status(ssl))) - goto client_test_exit; - - /* renegotiate client */ - if (sess_resume && sess_resume->do_reneg) - { - if (ssl_renegotiate(ssl) < 0) - goto client_test_exit; - } - - if (sess_resume) - { - memcpy(sess_resume->session_id, - ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE); - } - - if (IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER) && - (ret = ssl_verify_cert(ssl))) - { - goto client_test_exit; - } - - ssl_write(ssl, (uint8_t *)"hello world\n", 13); - if (sess_resume) - { - const uint8_t *sess_id = ssl_get_session_id(ssl); - int i; - - printf(" Session-ID: "); - for (i = 0; i < SSL_SESSION_ID_SIZE; i++) - { - printf("%02X", sess_id[i]); - } - printf("\n"); - TTY_FLUSH(); - } - - ret = 0; - -client_test_exit: - ssl_free(ssl); - SOCKET_CLOSE(client_fd); - usleep(200000); /* allow openssl to say something */ - - if (sess_resume) - { - if (sess_resume->stop_server) - { - ssl_ctx_free(*ssl_ctx); - *ssl_ctx = NULL; -#ifndef WIN32 - pthread_cancel(sess_resume->server_thread); -#endif - } - else if (sess_resume->start_server) - { -#ifndef WIN32 - sess_resume->server_thread = thread; -#endif - } - } - else - { - ssl_ctx_free(*ssl_ctx); - *ssl_ctx = NULL; -#ifndef WIN32 - pthread_cancel(thread); -#endif - } - - if (ret == 0) - { - printf("SSL client test \"%s\" passed\n", test); - TTY_FLUSH(); - } - - return ret; -} - -int SSL_client_tests(void) -{ - int ret = -1; - SSL_CTX *ssl_ctx = NULL; - CLNT_SESSION_RESUME_CTX sess_resume; - memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX)); - - sess_resume.start_server = 1; - printf("### starting client tests\n"); - - if ((ret = SSL_client_test("512 bit key", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_512.pem " - "-key ../ssl/test/axTLS.key_512.pem", &sess_resume, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - - /* all the session id's should match for session resumption */ - sess_resume.start_server = 0; - if ((ret = SSL_client_test("Client session resumption #1", - &ssl_ctx, NULL, &sess_resume, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - - sess_resume.do_reneg = 1; - if ((ret = SSL_client_test("Client renegotiation", - &ssl_ctx, NULL, &sess_resume, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - sess_resume.do_reneg = 0; - - sess_resume.stop_server = 1; - if ((ret = SSL_client_test("Client session resumption #2", - &ssl_ctx, NULL, &sess_resume, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - - if ((ret = SSL_client_test("1024 bit key", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_1024.pem " - "-key ../ssl/test/axTLS.key_1024.pem", NULL, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - - if ((ret = SSL_client_test("2048 bit key", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_2048.pem " - "-key ../ssl/test/axTLS.key_2048.pem", NULL, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - - if ((ret = SSL_client_test("4096 bit key", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_4096.pem " - "-key ../ssl/test/axTLS.key_4096.pem", NULL, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - - if ((ret = SSL_client_test("Server cert chaining", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_device.pem " - "-key ../ssl/test/axTLS.device_key.pem " - "-CAfile ../ssl/test/axTLS.x509_512.pem ", NULL, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) - goto cleanup; - - /* Check the server can verify the client */ - if ((ret = SSL_client_test("Client peer authentication", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_2048.pem " - "-key ../ssl/test/axTLS.key_2048.pem " - "-CAfile ../ssl/test/axTLS.ca_x509.pem " - "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, - "../ssl/test/axTLS.key_1024", NULL, - "../ssl/test/axTLS.x509_1024.cer"))) - goto cleanup; - - /* Should get an "ERROR" from openssl (as the handshake fails as soon as - * the certificate verification fails) */ - if ((ret = SSL_client_test("Error: Expired cert (verify now)", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_bad_after.pem " - "-key ../ssl/test/axTLS.key_512.pem", NULL, - DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) != - SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED)) - { - printf("*** Error: %d\n", ret); - goto cleanup; - } - - printf("SSL client test \"Expired cert (verify now)\" passed\n"); - - /* There is no "ERROR" from openssl */ - if ((ret = SSL_client_test("Error: Expired cert (verify later)", - &ssl_ctx, - "-cert ../ssl/test/axTLS.x509_bad_after.pem " - "-key ../ssl/test/axTLS.key_512.pem", NULL, - DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL, - NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED)) - { - printf("*** Error: %d\n", ret); - goto cleanup; - } - - printf("SSL client test \"Expired cert (verify later)\" passed\n"); - ret = 0; - -cleanup: - if (ret) - { - ssl_display_error(ret); - printf("Error: A client test failed\n"); - exit(1); - } - else - { - printf("All client tests passed\n"); TTY_FLUSH(); - } - - return ret; -} - -/************************************************************************** - * SSL Basic Testing (test a big packet handshake) - * - **************************************************************************/ -static uint8_t basic_buf[256*1024]; - -static void do_basic(void) -{ - int client_fd; - SSL *ssl_clnt; - SSL_CTX *ssl_clnt_ctx = ssl_ctx_new( - DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS); - usleep(200000); /* allow server to start */ - - if ((client_fd = client_socket_init(g_port)) < 0) - goto error; - - if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, - "../ssl/test/axTLS.ca_x509.cer", NULL)) - goto error; - - ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0); - - /* check the return status */ - if (ssl_handshake_status(ssl_clnt) < 0) - { - printf("YA YA\n"); - ssl_display_error(ssl_handshake_status(ssl_clnt)); - goto error; - } - - ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf)); - ssl_free(ssl_clnt); - -error: - ssl_ctx_free(ssl_clnt_ctx); - SOCKET_CLOSE(client_fd); - - /* exit this thread */ -} - -static int SSL_basic_test(void) -{ - int server_fd, client_fd, ret = 0, size = 0, offset = 0; - SSL_CTX *ssl_svr_ctx = NULL; - struct sockaddr_in client_addr; - uint8_t *read_buf; - socklen_t clnt_len = sizeof(client_addr); - SSL *ssl_svr; -#ifndef WIN32 - pthread_t thread; -#endif - memset(basic_buf, 0xA5, sizeof(basic_buf)/2); - memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2); - - if ((server_fd = server_socket_init(&g_port)) < 0) - goto error; - - ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS); - -#ifndef WIN32 - pthread_create(&thread, NULL, - (void *(*)(void *))do_basic, NULL); - pthread_detach(thread); -#else - CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_basic, NULL, 0, NULL); -#endif - - /* Wait for a client to connect */ - if ((client_fd = accept(server_fd, - (struct sockaddr *) &client_addr, &clnt_len)) < 0) - { - ret = SSL_ERROR_SOCK_SETUP_FAILURE; - goto error; - } - - /* we are ready to go */ - ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd); - - do - { - while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK); - - if (size < SSL_OK) /* got some alert or something nasty */ - { - printf("Server "); - ssl_display_error(size); - ret = size; - break; - } - else /* looks more promising */ - { - if (memcmp(read_buf, &basic_buf[offset], size) != 0) - { - ret = SSL_NOT_OK; - break; - } - } - - offset += size; - } while (offset < sizeof(basic_buf)); - - printf(ret == SSL_OK && offset == sizeof(basic_buf) ? - "SSL basic test passed\n" : - "SSL basic test failed\n"); - TTY_FLUSH(); - - ssl_free(ssl_svr); - SOCKET_CLOSE(server_fd); - SOCKET_CLOSE(client_fd); - -error: - ssl_ctx_free(ssl_svr_ctx); - return ret; -} - -#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) -/************************************************************************** - * Multi-Threading Tests - * - **************************************************************************/ -#define NUM_THREADS 100 - -typedef struct -{ - SSL_CTX *ssl_clnt_ctx; - int port; - int thread_id; -} multi_t; - -void do_multi_clnt(multi_t *multi_data) -{ - int res = 1, client_fd, i; - SSL *ssl = NULL; - char tmp[5]; - - if ((client_fd = client_socket_init(multi_data->port)) < 0) - goto client_test_exit; - - sleep(1); - ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0); - - if ((res = ssl_handshake_status(ssl))) - { - printf("Client "); - ssl_display_error(res); - goto client_test_exit; - } - - sprintf(tmp, "%d\n", multi_data->thread_id); - for (i = 0; i < 10; i++) - ssl_write(ssl, (uint8_t *)tmp, strlen(tmp)+1); - -client_test_exit: - ssl_free(ssl); - SOCKET_CLOSE(client_fd); - free(multi_data); -} - -void do_multi_svr(SSL *ssl) -{ - uint8_t *read_buf; - int *res_ptr = malloc(sizeof(int)); - int res; - - for (;;) - { - res = ssl_read(ssl, &read_buf); - - /* kill the client */ - if (res != SSL_OK) - { - if (res == SSL_ERROR_CONN_LOST) - { - SOCKET_CLOSE(ssl->client_fd); - ssl_free(ssl); - break; - } - else if (res > 0) - { - /* do nothing */ - } - else /* some problem */ - { - printf("Server "); - ssl_display_error(res); - goto error; - } - } - } - - res = SSL_OK; -error: - *res_ptr = res; - pthread_exit(res_ptr); -} - -int multi_thread_test(void) -{ - int server_fd = -1; - SSL_CTX *ssl_server_ctx; - SSL_CTX *ssl_clnt_ctx; - pthread_t clnt_threads[NUM_THREADS]; - pthread_t svr_threads[NUM_THREADS]; - int i, res = 0; - struct sockaddr_in client_addr; - socklen_t clnt_len = sizeof(client_addr); - - printf("Do multi-threading test (takes a minute)\n"); - - ssl_server_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS); - ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS); - - if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, - "../ssl/test/axTLS.ca_x509.cer", NULL)) - goto error; - - if ((server_fd = server_socket_init(&g_port)) < 0) - goto error; - - for (i = 0; i < NUM_THREADS; i++) - { - multi_t *multi_data = (multi_t *)malloc(sizeof(multi_t)); - multi_data->ssl_clnt_ctx = ssl_clnt_ctx; - multi_data->port = g_port; - multi_data->thread_id = i+1; - pthread_create(&clnt_threads[i], NULL, - (void *(*)(void *))do_multi_clnt, (void *)multi_data); - pthread_detach(clnt_threads[i]); - } - - for (i = 0; i < NUM_THREADS; i++) - { - SSL *ssl_svr; - int client_fd = accept(server_fd, - (struct sockaddr *)&client_addr, &clnt_len); - - if (client_fd < 0) - goto error; - - ssl_svr = ssl_server_new(ssl_server_ctx, client_fd); - - pthread_create(&svr_threads[i], NULL, - (void *(*)(void *))do_multi_svr, (void *)ssl_svr); - } - - /* make sure we've run all of the threads */ - for (i = 0; i < NUM_THREADS; i++) - { - void *thread_res; - pthread_join(svr_threads[i], &thread_res); - - if (*((int *)thread_res) != 0) - res = 1; - - free(thread_res); - } - - if (res) - goto error; - - printf("Multi-thread test passed (%d)\n", NUM_THREADS); -error: - ssl_ctx_free(ssl_server_ctx); - ssl_ctx_free(ssl_clnt_ctx); - SOCKET_CLOSE(server_fd); - return res; -} -#endif /* !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) */ - -/************************************************************************** - * Header issue - * - **************************************************************************/ -static void do_header_issue(void) -{ - char axtls_buf[2048]; -#ifndef WIN32 - pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL); -#endif - sprintf(axtls_buf, "./axssl s_client -connect localhost:%d", g_port); - system(axtls_buf); -} - -static int header_issue(void) -{ - FILE *f = fopen("../ssl/test/header_issue.dat", "r"); - int server_fd = -1, client_fd = -1, ret = 1; - uint8_t buf[2048]; - int size = 0; - struct sockaddr_in client_addr; - socklen_t clnt_len = sizeof(client_addr); -#ifndef WIN32 - pthread_t thread; -#endif - - if (f == NULL || (server_fd = server_socket_init(&g_port)) < 0) - goto error; - -#ifndef WIN32 - pthread_create(&thread, NULL, - (void *(*)(void *))do_header_issue, NULL); - pthread_detach(thread); -#else - CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_header_issue, - NULL, 0, NULL); -#endif - if ((client_fd = accept(server_fd, - (struct sockaddr *) &client_addr, &clnt_len)) < 0) - { - ret = SSL_ERROR_SOCK_SETUP_FAILURE; - goto error; - } - - size = fread(buf, 1, sizeof(buf), f); - SOCKET_WRITE(client_fd, buf, size); - usleep(200000); - - ret = 0; -error: - fclose(f); - SOCKET_CLOSE(client_fd); - SOCKET_CLOSE(server_fd); - TTY_FLUSH(); - system("killall axssl"); - return ret; -} - -/************************************************************************** - * main() - * - **************************************************************************/ -int main(int argc, char *argv[]) -{ - int ret = 1; - BI_CTX *bi_ctx; - int fd; - -#ifdef WIN32 - WSADATA wsaData; - WORD wVersionRequested = MAKEWORD(2, 2); - WSAStartup(wVersionRequested, &wsaData); - fd = _open("test_result.txt", O_WRONLY|O_TEMPORARY|O_CREAT, _S_IWRITE); - dup2(fd, 2); /* write stderr to this file */ -#else - fd = open("/dev/null", O_WRONLY); /* write stderr to /dev/null */ - signal(SIGPIPE, SIG_IGN); /* ignore pipe errors */ - dup2(fd, 2); -#endif - - /* can't do testing in this mode */ -#if defined CONFIG_SSL_GENERATE_X509_CERT - printf("Error: Must compile with default key/certificates\n"); - exit(1); -#endif - - bi_ctx = bi_initialize(); - - if (AES_test(bi_ctx)) - { - printf("AES tests failed\n"); - goto cleanup; - } - TTY_FLUSH(); - - if (RC4_test(bi_ctx)) - { - printf("RC4 tests failed\n"); - goto cleanup; - } - TTY_FLUSH(); - - if (MD5_test(bi_ctx)) - { - printf("MD5 tests failed\n"); - goto cleanup; - } - TTY_FLUSH(); - - if (SHA1_test(bi_ctx)) - { - printf("SHA1 tests failed\n"); - goto cleanup; - } - TTY_FLUSH(); - - if (HMAC_test(bi_ctx)) - { - printf("HMAC tests failed\n"); - goto cleanup; - } - TTY_FLUSH(); - - if (BIGINT_test(bi_ctx)) - { - printf("BigInt tests failed!\n"); - goto cleanup; - } - TTY_FLUSH(); - - bi_terminate(bi_ctx); - - if (RSA_test()) - { - printf("RSA tests failed\n"); - goto cleanup; - } - TTY_FLUSH(); - - if (cert_tests()) - { - printf("CERT tests failed\n"); - goto cleanup; - } - TTY_FLUSH(); - -#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) - if (multi_thread_test()) - goto cleanup; -#endif - - if (SSL_basic_test()) - goto cleanup; - - system("sh ../ssl/test/killopenssl.sh"); - - if (SSL_client_tests()) - goto cleanup; - - system("sh ../ssl/test/killopenssl.sh"); - - if (SSL_server_tests()) - goto cleanup; - - system("sh ../ssl/test/killopenssl.sh"); - - if (header_issue()) - { - printf("Header tests failed\n"); TTY_FLUSH(); - goto cleanup; - } - - ret = 0; /* all ok */ - printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH(); -cleanup: - - if (ret) - printf("Error: Some tests failed!\n"); - - close(fd); - return ret; -} diff --git a/libs/nixio/axTLS/ssl/test/test_axssl.sh b/libs/nixio/axTLS/ssl/test/test_axssl.sh deleted file mode 100755 index acf11a630..000000000 --- a/libs/nixio/axTLS/ssl/test/test_axssl.sh +++ /dev/null @@ -1,163 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2007, Cameron Rich -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the axTLS project nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -# -# Test the various axssl bindings. To run it, got to the _install directory -# and run this script from there. -# - -if grep "CONFIG_PLATFORM_WIN32=y" "../config/.config" > /dev/null; then - JAVA_EXE="$JAVA_HOME/bin/java.exe" - PERL_BIN="/cygdrive/c/Perl/bin/perl" - KILL_AXSSL="kill %1" - KILL_CSHARP="kill %1" - KILL_PERL="kill %1" - KILL_JAVA="kill %1" - KILL_LUA="kill %1" -else - if grep "CONFIG_PLATFORM_CYGWIN=y" "../config/.config" > /dev/null; then - # no .net or java on cygwin - PERL_BIN=/usr/bin/perl - KILL_AXSSL="killall axssl" - KILL_PERL="killall /usr/bin/perl" - KILL_LUA="killall /usr/local/bin/lua" - else # Linux - JAVA_EXE=/usr/java/default/bin/java - PERL_BIN=/usr/bin/perl - KILL_AXSSL="killall axssl" - KILL_CSHARP="killall mono" - KILL_PERL="killall /usr/bin/perl" - RUN_CSHARP="mono" - KILL_JAVA="killall $JAVA_EXE" - KILL_LUA="killall /usr/local/bin/lua" - fi -fi - -BASE=.. -SERVER_ARGS="s_server -accept 15001 -verify -CAfile $BASE/ssl/test/axTLS.ca_x509.cer" -CLIENT_ARGS="s_client -reconnect -connect localhost:15001 -verify -CAfile $BASE/ssl/test/axTLS.ca_x509.cer -key $BASE/ssl/test/axTLS.key_1024 -cert $BASE/ssl/test/axTLS.x509_1024.cer" - -# check pem arguments -SERVER_PEM_ARGS="s_server -accept 15001 -pass abcd -key $BASE/ssl/test/axTLS.key_aes128.pem -cert $BASE/ssl/test/axTLS.x509_aes128.pem" -CLIENT_PEM_ARGS="s_client -connect localhost:15001 -CAfile $BASE/ssl/test/axTLS.ca_x509.pem -key $BASE/ssl/test/axTLS.key_1024.pem -cert $BASE/ssl/test/axTLS.x509_1024.pem" - -export LD_LIBRARY_PATH=.:`perl -e 'use Config; print $Config{archlib};'`/CORE - -if [ -x ./axssl ]; then -echo "############################# C SAMPLE ###########################" -./axssl $SERVER_ARGS & -echo "C Test passed" | ./axssl $CLIENT_ARGS -$KILL_AXSSL -sleep 1 - -./axssl $SERVER_PEM_ARGS & -echo "C Test passed" | ./axssl $CLIENT_PEM_ARGS -$KILL_AXSSL -sleep 1 -echo "### C tests complete" -fi - -if [ -f ./axtls.jar ]; then -echo "########################## JAVA SAMPLE ###########################" -"$JAVA_EXE" -jar ./axtls.jar $SERVER_ARGS & -echo "Java Test passed" | "$JAVA_EXE" -jar ./axtls.jar $CLIENT_ARGS -$KILL_JAVA -sleep 1 - -"$JAVA_EXE" -jar ./axtls.jar $SERVER_PEM_ARGS & -echo "Java Test passed" | "$JAVA_EXE" -jar ./axtls.jar $CLIENT_PEM_ARGS -$KILL_JAVA -sleep 1 - -echo "### Java tests complete" -fi - -if [ -x ./axssl.csharp.exe ]; then -echo "############################ C# SAMPLE ###########################" -$RUN_CSHARP ./axssl.csharp.exe $SERVER_ARGS & -echo "C# Test passed" | $RUN_CSHARP ./axssl.csharp.exe $CLIENT_ARGS -$KILL_CSHARP -sleep 1 - -$RUN_CSHARP ./axssl.csharp.exe $SERVER_PEM_ARGS & -echo "C# Test passed" | $RUN_CSHARP ./axssl.csharp.exe $CLIENT_PEM_ARGS -$KILL_CSHARP -sleep 1 - -echo "### C# tests complete" -fi - -if [ -x ./axssl.vbnet.exe ]; then -echo "######################## VB.NET SAMPLE ###########################" -echo $SERVER_ARGS -echo $CLIENT_ARGS -./axssl.vbnet $SERVER_ARGS & -echo "VB.NET Test passed" | ./axssl.vbnet.exe $CLIENT_ARGS -kill %1 -sleep 1 - -./axssl.vbnet $SERVER_PEM_ARGS & -echo "VB.NET Test passed" | ./axssl.vbnet.exe $CLIENT_PEM_ARGS -kill %1 -sleep 1 -echo "### VB.NET tests complete" -fi - -if [ -f ./axssl.pl ]; then -echo "########################## PERL SAMPLE ###########################" -"$PERL_BIN" ./axssl.pl $SERVER_ARGS & -echo "Perl Test passed" | "$PERL_BIN" ./axssl.pl $CLIENT_ARGS -$KILL_PERL -sleep 1 - -"$PERL_BIN" ./axssl.pl $SERVER_PEM_ARGS & -echo "Perl Test passed" | "$PERL_BIN" ./axssl.pl $CLIENT_PEM_ARGS -$KILL_PERL -sleep 1 -echo "### Perl tests complete" -fi - -if [ -f ./axssl.lua ]; then -echo "########################## LUA SAMPLE ###########################" -./axssl.lua $SERVER_ARGS & -echo "Lua Test passed" | ./axssl.lua $CLIENT_ARGS -$KILL_LUA -sleep 1 - -./axssl.lua $SERVER_PEM_ARGS & -echo "Lua Test passed" | ./axssl.lua $CLIENT_PEM_ARGS -$KILL_LUA -sleep 1 -echo "### Lua tests complete" -fi - -echo "########################## ALL TESTS COMPLETE ###########################" diff --git a/libs/nixio/axTLS/ssl/test/thawte.x509_ca b/libs/nixio/axTLS/ssl/test/thawte.x509_ca Binary files differdeleted file mode 100644 index 59b1059f8..000000000 --- a/libs/nixio/axTLS/ssl/test/thawte.x509_ca +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/verisign.x509_ca b/libs/nixio/axTLS/ssl/test/verisign.x509_ca Binary files differdeleted file mode 100644 index d2ea1289d..000000000 --- a/libs/nixio/axTLS/ssl/test/verisign.x509_ca +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/verisign.x509_ca.pem b/libs/nixio/axTLS/ssl/test/verisign.x509_ca.pem deleted file mode 100644 index d5ef5d241..000000000 --- a/libs/nixio/axTLS/ssl/test/verisign.x509_ca.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICmDCCAgECECCol67bggLewTagTia9h3MwDQYJKoZIhvcNAQECBQAwgYwxCzAJ -BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEwMC4GA1UECxMnRm9y -IFRlc3QgUHVycG9zZXMgT25seS4gIE5vIGFzc3VyYW5jZXMuMTIwMAYDVQQDEylW -ZXJpU2lnbiBUcmlhbCBTZWN1cmUgU2VydmVyIFRlc3QgUm9vdCBDQTAeFw0wNTAy -MDkwMDAwMDBaFw0yNTAyMDgyMzU5NTlaMIGMMQswCQYDVQQGEwJVUzEXMBUGA1UE -ChMOVmVyaVNpZ24sIEluYy4xMDAuBgNVBAsTJ0ZvciBUZXN0IFB1cnBvc2VzIE9u -bHkuICBObyBhc3N1cmFuY2VzLjEyMDAGA1UEAxMpVmVyaVNpZ24gVHJpYWwgU2Vj -dXJlIFNlcnZlciBUZXN0IFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ -AoGBAJ8h98U7klaZH5cEn6CSEKmGWVBsTwHIaMAAVqGqCUn7Q9C10sEOIHBznyLy -eSDjMs5M1nC/iAA7KCASf/yHz0AdlU+1IRSijwHTF/2dYSoTTxP2GCmtL1Ga4i7+ -zDDo086V7+NiFAGJj+CYey47ue4Xa33o/4YOA9PGL87oqFe7AgMBAAEwDQYJKoZI -hvcNAQECBQADgYEAOq447rP5EDqFEl3vhLhgTbnyaskNYwPvxk+0grnQyDA4sF/q -gK8nFlnvLmAOF3DmfuqW6WSr4zqTYzpwmJlsn48Om/yWirL8GuWRftit2POxTfHS -B8VmR+PZx2k24UgWUZyojDGxJtiHd3tjCdqFgTit4NK429cWOcZrh47xeOI= ------END CERTIFICATE----- diff --git a/libs/nixio/axTLS/ssl/test/verisign.x509_my_cert b/libs/nixio/axTLS/ssl/test/verisign.x509_my_cert Binary files differdeleted file mode 100644 index 426c9ff7f..000000000 --- a/libs/nixio/axTLS/ssl/test/verisign.x509_my_cert +++ /dev/null diff --git a/libs/nixio/axTLS/ssl/test/verisign.x509_my_cert.pem b/libs/nixio/axTLS/ssl/test/verisign.x509_my_cert.pem deleted file mode 100644 index 5b6c1ffed..000000000 --- a/libs/nixio/axTLS/ssl/test/verisign.x509_my_cert.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEQzCCA6ygAwIBAgIQR/dXCzC/x5Ta5RvL6hKEojANBgkqhkiG9w0BAQUFADCB -jDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL -EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbmNlcy4xMjAwBgNV -BAMTKVZlcmlTaWduIFRyaWFsIFNlY3VyZSBTZXJ2ZXIgVGVzdCBSb290IENBMB4X -DTA2MDExNjAwMDAwMFoXDTA2MDEzMDIzNTk1OVowgbkxCzAJBgNVBAYTAkFVMQww -CgYDVQQIEwNRbGQxETAPBgNVBAcUCEJyaXNiYW5lMRkwFwYDVQQKFBBheG9sb1RM -UyBQcm9qZWN0MRUwEwYDVQQLFAwxMDI0IGJpdCBrZXkxOjA4BgNVBAsUMVRlcm1z -IG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EgKGMpMDUxGzAZ -BgNVBAMUEnd3dy5heG9sb3Rscy5jby5ucjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw -gYkCgYEAttzj5S7qfOZIrh9xg8bgjTOKbSIbLBuMnxAwfGRcUrQO2EQOHd6kMjXR -hqY/cG2IG4G8AeqdV3nHlKbrbHbRa1lFgP6b0BQCE8TyxmP+tIAqn5L6/HTm+EEi -Ad1Pxjeok6e7F6UXHxJltSGHmOhAf3C5kPq/FQ6QZeG4yD/uzPkCAwEAAaOCAXUw -ggFxMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMEcGA1UdHwRAMD4wPKA6oDiGNmh0 -dHA6Ly9TVlJTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9TVlJUcmlhbFJvb3QyMDA1 -LmNybDBKBgNVHSAEQzBBMD8GCmCGSAGG+EUBBxUwMTAvBggrBgEFBQcCARYjaHR0 -cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EwHQYDVR0lBBYwFAYIKwYB -BQUHAwEGCCsGAQUFBwMCMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 -cDovL29jc3AudmVyaXNpZ24uY29tMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUW -CWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUW -I2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEB -BQUAA4GBACtlCTJFENCcHCQLHJfiotqr2XR+oWu0MstNm8dG6WB+zYprrT+kOPDn -1rMO7YLx76f67fC+lIXz720kQHk6LsZ8hPBQvIXnfIsKjng73DeFzBmTMFz6Qxjd -+E0FUCKplqrdwUkmR4kH6O4pdGE4AlXJNiUI2903yYdSRVMOuLuR ------END CERTIFICATE----- |