lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-08 17:42:09 +03:00
Code Activity

- Renamed include directory to polarssl

Browse Source
This commit is contained in:
Paul Bakker
2009-01-03 21:22:43 +00:00
commit 5121ce5bdb
119 changed files with 27558 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
programs/Makefile Normal file
View File

@@ -0,0 +1,97 @@
# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
# To compile on MinGW: add "-lws2_32" to LDFLAGS
CFLAGS = -I../include -D_FILE_OFFSET_BITS=64
OFLAGS = -O
LDFLAGS = -L../library -lxyssl
APPS = aes/aescrypt2 hash/hello \
hash/md5sum hash/sha1sum \
hash/sha2sum pkey/dh_client \
pkey/dh_genprime pkey/dh_server \
pkey/mpi_demo pkey/rsa_genkey \
pkey/rsa_sign pkey/rsa_verify \
ssl/ssl_client1 ssl/ssl_client2 \
ssl/ssl_server test/benchmark \
test/selftest test/ssl_test
.SILENT:
all: $(APPS)
aes/aescrypt2: aes/aescrypt2.c ../library/libxyssl.a
echo " CC aes/aescrypt2.c"
$(CC) $(CFLAGS) $(OFLAGS) aes/aescrypt2.c $(LDFLAGS) -o $@
hash/hello: hash/hello.c ../library/libxyssl.a
echo " CC hash/hello.c"
$(CC) $(CFLAGS) $(OFLAGS) hash/hello.c $(LDFLAGS) -o $@
hash/md5sum: hash/md5sum.c ../library/libxyssl.a
echo " CC hash/md5sum.c"
$(CC) $(CFLAGS) $(OFLAGS) hash/md5sum.c $(LDFLAGS) -o $@
hash/sha1sum: hash/sha1sum.c ../library/libxyssl.a
echo " CC hash/sha1sum.c"
$(CC) $(CFLAGS) $(OFLAGS) hash/sha1sum.c $(LDFLAGS) -o $@
hash/sha2sum: hash/sha2sum.c ../library/libxyssl.a
echo " CC hash/sha2sum.c"
$(CC) $(CFLAGS) $(OFLAGS) hash/sha2sum.c $(LDFLAGS) -o $@
pkey/dh_client: pkey/dh_client.c ../library/libxyssl.a
echo " CC pkey/dh_client.c"
$(CC) $(CFLAGS) $(OFLAGS) pkey/dh_client.c $(LDFLAGS) -o $@
pkey/dh_genprime: pkey/dh_genprime.c ../library/libxyssl.a
echo " CC pkey/dh_genprime.c"
$(CC) $(CFLAGS) $(OFLAGS) pkey/dh_genprime.c $(LDFLAGS) -o $@
pkey/dh_server: pkey/dh_server.c ../library/libxyssl.a
echo " CC pkey/dh_server.c"
$(CC) $(CFLAGS) $(OFLAGS) pkey/dh_server.c $(LDFLAGS) -o $@
pkey/mpi_demo: pkey/mpi_demo.c ../library/libxyssl.a
echo " CC pkey/mpi_demo.c"
$(CC) $(CFLAGS) $(OFLAGS) pkey/mpi_demo.c $(LDFLAGS) -o $@
pkey/rsa_genkey: pkey/rsa_genkey.c ../library/libxyssl.a
echo " CC pkey/rsa_genkey.c"
$(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_genkey.c $(LDFLAGS) -o $@
pkey/rsa_sign: pkey/rsa_sign.c ../library/libxyssl.a
echo " CC pkey/rsa_sign.c"
$(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_sign.c $(LDFLAGS) -o $@
pkey/rsa_verify: pkey/rsa_verify.c ../library/libxyssl.a
echo " CC pkey/rsa_verify.c"
$(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_verify.c $(LDFLAGS) -o $@
ssl/ssl_client1: ssl/ssl_client1.c ../library/libxyssl.a
echo " CC ssl/ssl_client1.c"
$(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_client1.c $(LDFLAGS) -o $@
ssl/ssl_client2: ssl/ssl_client2.c ../library/libxyssl.a
echo " CC ssl/ssl_client2.c"
$(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_client2.c $(LDFLAGS) -o $@
ssl/ssl_server: ssl/ssl_server.c ../library/libxyssl.a
echo " CC ssl/ssl_server.c"
$(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_server.c $(LDFLAGS) -o $@
test/benchmark: test/benchmark.c ../library/libxyssl.a
echo " CC test/benchmark.c"
$(CC) $(CFLAGS) $(OFLAGS) test/benchmark.c $(LDFLAGS) -o $@
test/selftest: test/selftest.c ../library/libxyssl.a
echo " CC test/selftest.c"
$(CC) $(CFLAGS) $(OFLAGS) test/selftest.c $(LDFLAGS) -o $@
test/ssl_test: test/ssl_test.c ../library/libxyssl.a
echo " CC test/ssl_test.c"
$(CC) $(CFLAGS) $(OFLAGS) test/ssl_test.c $(LDFLAGS) -o $@
clean:
rm -f $(APPS)

396
programs/aes/aescrypt2.c Normal file
View File

@@ -0,0 +1,396 @@
/*
* AES-256 file encryption program
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#if defined(WIN32)
#include <windows.h>
#include <io.h>
#else
#include <sys/types.h>
#include <unistd.h>
#endif
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include "xyssl/aes.h"
#include "xyssl/sha2.h"
#define MODE_ENCRYPT 0
#define MODE_DECRYPT 1
#define USAGE \
"\n aescrypt2 <mode> <input filename> <output filename> <key>\n" \
"\n <mode>: 0 = encrypt, 1 = decrypt\n" \
"\n example: aescrypt2 0 file file.aes hex:E76B2413958B00E193\n" \
"\n"
int main( int argc, char *argv[] )
{
int ret = 1, i, n;
int keylen, mode, lastn;
FILE *fkey, *fin, *fout;
char *p;
unsigned char IV[16];
unsigned char key[512];
unsigned char digest[32];
unsigned char buffer[1024];
aes_context aes_ctx;
sha2_context sha_ctx;
#if defined(WIN32)
LARGE_INTEGER li_size;
__int64 filesize, offset;
#else
off_t filesize, offset;
#endif
/*
* Parse the command-line arguments.
*/
if( argc != 5 )
{
printf( USAGE );
#if defined(WIN32)
printf( "\n Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
goto exit;
}
mode = atoi( argv[1] );
if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
{
fprintf( stderr, "invalide operation mode\n" );
goto exit;
}
if( strcmp( argv[2], argv[3] ) == 0 )
{
fprintf( stderr, "input and output filenames must differ\n" );
goto exit;
}
if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
{
fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
goto exit;
}
if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
{
fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
goto exit;
}
/*
* Read the secret key and clean the command line.
*/
if( ( fkey = fopen( argv[4], "rb" ) ) != NULL )
{
keylen = fread( key, 1, sizeof( key ), fkey );
fclose( fkey );
}
else
{
if( memcmp( argv[4], "hex:", 4 ) == 0 )
{
p = &argv[4][4];
keylen = 0;
while( sscanf( p, "%02X", &n ) > 0 &&
keylen < (int) sizeof( key ) )
{
key[keylen++] = (unsigned char) n;
p += 2;
}
}
else
{
keylen = strlen( argv[4] );
if( keylen > (int) sizeof( key ) )
keylen = (int) sizeof( key );
memcpy( key, argv[4], keylen );
}
}
memset( argv[4], 0, strlen( argv[4] ) );
#if defined(WIN32)
/*
* Support large files (> 2Gb) on Win32
*/
li_size.QuadPart = 0;
li_size.LowPart =
SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
li_size.LowPart, &li_size.HighPart, FILE_END );
if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
{
fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
goto exit;
}
filesize = li_size.QuadPart;
#else
if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
{
perror( "lseek" );
goto exit;
}
#endif
if( fseek( fin, 0, SEEK_SET ) < 0 )
{
fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
goto exit;
}
if( mode == MODE_ENCRYPT )
{
/*
* Generate the initialization vector as:
* IV = SHA-256( filesize || filename )[0..15]
*/
for( i = 0; i < 8; i++ )
buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
p = argv[2];
sha2_starts( &sha_ctx, 0 );
sha2_update( &sha_ctx, buffer, 8 );
sha2_update( &sha_ctx, (unsigned char *) p, strlen( p ) );
sha2_finish( &sha_ctx, digest );
memcpy( IV, digest, 16 );
/*
* The last four bits in the IV are actually used
* to store the file size modulo the AES block size.
*/
lastn = (int)( filesize & 0x0F );
IV[15] = (unsigned char)
( ( IV[15] & 0xF0 ) | lastn );
/*
* Append the IV at the beginning of the output.
*/
if( fwrite( IV, 1, 16, fout ) != 16 )
{
fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
goto exit;
}
/*
* Hash the IV and the secret key together 8192 times
* using the result to setup the AES context and HMAC.
*/
memset( digest, 0, 32 );
memcpy( digest, IV, 16 );
for( i = 0; i < 8192; i++ )
{
sha2_starts( &sha_ctx, 0 );
sha2_update( &sha_ctx, digest, 32 );
sha2_update( &sha_ctx, key, keylen );
sha2_finish( &sha_ctx, digest );
}
memset( key, 0, sizeof( key ) );
aes_setkey_enc( &aes_ctx, digest, 256 );
sha2_hmac_starts( &sha_ctx, digest, 32, 0 );
/*
* Encrypt and write the ciphertext.
*/
for( offset = 0; offset < filesize; offset += 16 )
{
n = ( filesize - offset > 16 ) ? 16 : (int)
( filesize - offset );
if( fread( buffer, 1, n, fin ) != (size_t) n )
{
fprintf( stderr, "fread(%d bytes) failed\n", n );
goto exit;
}
for( i = 0; i < 16; i++ )
buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
aes_crypt_ecb( &aes_ctx, AES_ENCRYPT, buffer, buffer );
sha2_hmac_update( &sha_ctx, buffer, 16 );
if( fwrite( buffer, 1, 16, fout ) != 16 )
{
fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
goto exit;
}
memcpy( IV, buffer, 16 );
}
/*
* Finally write the HMAC.
*/
sha2_hmac_finish( &sha_ctx, digest );
if( fwrite( digest, 1, 32, fout ) != 32 )
{
fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
goto exit;
}
}
if( mode == MODE_DECRYPT )
{
unsigned char tmp[16];
/*
* The encrypted file must be structured as follows:
*
* 00 .. 15 Initialization Vector
* 16 .. 31 AES Encrypted Block #1
* ..
* N*16 .. (N+1)*16 - 1 AES Encrypted Block #N
* (N+1)*16 .. (N+1)*16 + 32 HMAC-SHA-256(ciphertext)
*/
if( filesize < 48 )
{
fprintf( stderr, "File too short to be encrypted.\n" );
goto exit;
}
if( ( filesize & 0x0F ) != 0 )
{
fprintf( stderr, "File size not a multiple of 16.\n" );
goto exit;
}
/*
* Substract the IV + HMAC length.
*/
filesize -= ( 16 + 32 );
/*
* Read the IV and original filesize modulo 16.
*/
if( fread( buffer, 1, 16, fin ) != 16 )
{
fprintf( stderr, "fread(%d bytes) failed\n", 16 );
goto exit;
}
memcpy( IV, buffer, 16 );
lastn = IV[15] & 0x0F;
/*
* Hash the IV and the secret key together 8192 times
* using the result to setup the AES context and HMAC.
*/
memset( digest, 0, 32 );
memcpy( digest, IV, 16 );
for( i = 0; i < 8192; i++ )
{
sha2_starts( &sha_ctx, 0 );
sha2_update( &sha_ctx, digest, 32 );
sha2_update( &sha_ctx, key, keylen );
sha2_finish( &sha_ctx, digest );
}
memset( key, 0, sizeof( key ) );
aes_setkey_dec( &aes_ctx, digest, 256 );
sha2_hmac_starts( &sha_ctx, digest, 32, 0 );
/*
* Decrypt and write the plaintext.
*/
for( offset = 0; offset < filesize; offset += 16 )
{
if( fread( buffer, 1, 16, fin ) != 16 )
{
fprintf( stderr, "fread(%d bytes) failed\n", 16 );
goto exit;
}
memcpy( tmp, buffer, 16 );
sha2_hmac_update( &sha_ctx, buffer, 16 );
aes_crypt_ecb( &aes_ctx, AES_DECRYPT, buffer, buffer );
for( i = 0; i < 16; i++ )
buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
memcpy( IV, tmp, 16 );
n = ( lastn > 0 && offset == filesize - 16 )
? lastn : 16;
if( fwrite( buffer, 1, n, fout ) != (size_t) n )
{
fprintf( stderr, "fwrite(%d bytes) failed\n", n );
goto exit;
}
}
/*
* Verify the message authentication code.
*/
sha2_hmac_finish( &sha_ctx, digest );
if( fread( buffer, 1, 32, fin ) != 32 )
{
fprintf( stderr, "fread(%d bytes) failed\n", 32 );
goto exit;
}
if( memcmp( digest, buffer, 32 ) != 0 )
{
fprintf( stderr, "HMAC check failed: wrong key, "
"or file corrupted.\n" );
goto exit;
}
}
ret = 0;
exit:
memset( buffer, 0, sizeof( buffer ) );
memset( digest, 0, sizeof( digest ) );
memset( &aes_ctx, 0, sizeof( aes_context ) );
memset( &sha_ctx, 0, sizeof( sha2_context ) );
return( ret );
}

50
programs/hash/hello.c Normal file
View File

@@ -0,0 +1,50 @@
/*
* Classic "Hello, world" demonstration program
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <stdio.h>
#include "xyssl/md5.h"
int main( void )
{
int i;
unsigned char digest[16];
char str[] = "Hello, world!";
printf( "\n MD5('%s') = ", str );
md5( (unsigned char *) str, 13, digest );
for( i = 0; i < 16; i++ )
printf( "%02x", digest[i] );
printf( "\n\n" );
#ifdef WIN32
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( 0 );
}

156
programs/hash/md5sum.c Normal file
View File

@@ -0,0 +1,156 @@
/*
* md5sum demonstration program
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <string.h>
#include <stdio.h>
#include "xyssl/md5.h"
static int md5_wrapper( char *filename, unsigned char *sum )
{
int ret = md5_file( filename, sum );
if( ret == 1 )
fprintf( stderr, "failed to open: %s\n", filename );
if( ret == 2 )
fprintf( stderr, "failed to read: %s\n", filename );
return( ret );
}
static int md5_print( char *filename )
{
int i;
unsigned char sum[16];
if( md5_wrapper( filename, sum ) != 0 )
return( 1 );
for( i = 0; i < 16; i++ )
printf( "%02x", sum[i] );
printf( " %s\n", filename );
return( 0 );
}
static int md5_check( char *filename )
{
int i;
size_t n;
FILE *f;
int nb_err1, nb_err2;
int nb_tot1, nb_tot2;
unsigned char sum[16];
char buf[33], line[1024];
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
printf( "failed to open: %s\n", filename );
return( 1 );
}
nb_err1 = nb_err2 = 0;
nb_tot1 = nb_tot2 = 0;
memset( line, 0, sizeof( line ) );
n = sizeof( line );
while( fgets( line, n - 1, f ) != NULL )
{
n = strlen( line );
if( n < 36 )
continue;
if( line[32] != ' ' || line[33] != ' ' )
continue;
if( line[n - 1] == '\n' ) { n--; line[n] = '\0'; }
if( line[n - 1] == '\r' ) { n--; line[n] = '\0'; }
nb_tot1++;
if( md5_wrapper( line + 34, sum ) != 0 )
{
nb_err1++;
continue;
}
nb_tot2++;
for( i = 0; i < 16; i++ )
sprintf( buf + i * 2, "%02x", sum[i] );
if( memcmp( line, buf, 32 ) != 0 )
{
nb_err2++;
fprintf( stderr, "wrong checksum: %s\n", line + 34 );
}
n = sizeof( line );
}
if( nb_err1 != 0 )
{
printf( "WARNING: %d (out of %d) input files could "
"not be read\n", nb_err1, nb_tot1 );
}
if( nb_err2 != 0 )
{
printf( "WARNING: %d (out of %d) computed checksums did "
"not match\n", nb_err2, nb_tot2 );
}
return( nb_err1 != 0 || nb_err2 != 0 );
}
int main( int argc, char *argv[] )
{
int ret, i;
if( argc == 1 )
{
printf( "print mode: md5sum <file> <file> ...\n" );
printf( "check mode: md5sum -c <checksum file>\n" );
#ifdef WIN32
printf( "\n Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( 1 );
}
if( argc == 3 && strcmp( "-c", argv[1] ) == 0 )
return( md5_check( argv[2] ) );
ret = 0;
for( i = 1; i < argc; i++ )
ret |= md5_print( argv[i] );
return( ret );
}

156
programs/hash/sha1sum.c Normal file
View File

@@ -0,0 +1,156 @@
/*
* sha1sum demonstration program
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <string.h>
#include <stdio.h>
#include "xyssl/sha1.h"
static int sha1_wrapper( char *filename, unsigned char *sum )
{
int ret = sha1_file( filename, sum );
if( ret == 1 )
fprintf( stderr, "failed to open: %s\n", filename );
if( ret == 2 )
fprintf( stderr, "failed to read: %s\n", filename );
return( ret );
}
static int sha1_print( char *filename )
{
int i;
unsigned char sum[20];
if( sha1_wrapper( filename, sum ) != 0 )
return( 1 );
for( i = 0; i < 20; i++ )
printf( "%02x", sum[i] );
printf( " %s\n", filename );
return( 0 );
}
static int sha1_check( char *filename )
{
int i;
size_t n;
FILE *f;
int nb_err1, nb_err2;
int nb_tot1, nb_tot2;
unsigned char sum[20];
char buf[41], line[1024];
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
printf( "failed to open: %s\n", filename );
return( 1 );
}
nb_err1 = nb_err2 = 0;
nb_tot1 = nb_tot2 = 0;
memset( line, 0, sizeof( line ) );
n = sizeof( line );
while( fgets( line, n - 1, f ) != NULL )
{
n = strlen( line );
if( n < 44 )
continue;
if( line[40] != ' ' || line[41] != ' ' )
continue;
if( line[n - 1] == '\n' ) { n--; line[n] = '\0'; }
if( line[n - 1] == '\r' ) { n--; line[n] = '\0'; }
nb_tot1++;
if( sha1_wrapper( line + 42, sum ) != 0 )
{
nb_err1++;
continue;
}
nb_tot2++;
for( i = 0; i < 20; i++ )
sprintf( buf + i * 2, "%02x", sum[i] );
if( memcmp( line, buf, 40 ) != 0 )
{
nb_err2++;
fprintf( stderr, "wrong checksum: %s\n", line + 42 );
}
n = sizeof( line );
}
if( nb_err1 != 0 )
{
printf( "WARNING: %d (out of %d) input files could "
"not be read\n", nb_err1, nb_tot1 );
}
if( nb_err2 != 0 )
{
printf( "WARNING: %d (out of %d) computed checksums did "
"not match\n", nb_err2, nb_tot2 );
}
return( nb_err1 != 0 || nb_err2 != 0 );
}
int main( int argc, char *argv[] )
{
int ret, i;
if( argc == 1 )
{
printf( "print mode: sha1sum <file> <file> ...\n" );
printf( "check mode: sha1sum -c <checksum file>\n" );
#ifdef WIN32
printf( "\n Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( 1 );
}
if( argc == 3 && strcmp( "-c", argv[1] ) == 0 )
return( sha1_check( argv[2] ) );
ret = 0;
for( i = 1; i < argc; i++ )
ret |= sha1_print( argv[i] );
return( ret );
}

156
programs/hash/sha2sum.c Normal file
View File

@@ -0,0 +1,156 @@
/*
* sha2sum demonstration program
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <string.h>
#include <stdio.h>
#include "xyssl/sha2.h"
static int sha2_wrapper( char *filename, unsigned char *sum )
{
int ret = sha2_file( filename, sum, 0 );
if( ret == 1 )
fprintf( stderr, "failed to open: %s\n", filename );
if( ret == 2 )
fprintf( stderr, "failed to read: %s\n", filename );
return( ret );
}
static int sha2_print( char *filename )
{
int i;
unsigned char sum[32];
if( sha2_wrapper( filename, sum ) != 0 )
return( 1 );
for( i = 0; i < 32; i++ )
printf( "%02x", sum[i] );
printf( " %s\n", filename );
return( 0 );
}
static int sha2_check( char *filename )
{
int i;
size_t n;
FILE *f;
int nb_err1, nb_err2;
int nb_tot1, nb_tot2;
unsigned char sum[32];
char buf[65], line[1024];
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
printf( "failed to open: %s\n", filename );
return( 1 );
}
nb_err1 = nb_err2 = 0;
nb_tot1 = nb_tot2 = 0;
memset( line, 0, sizeof( line ) );
n = sizeof( line );
while( fgets( line, n - 1, f ) != NULL )
{
n = strlen( line );
if( n < 68 )
continue;
if( line[64] != ' ' || line[65] != ' ' )
continue;
if( line[n - 1] == '\n' ) { n--; line[n] = '\0'; }
if( line[n - 1] == '\r' ) { n--; line[n] = '\0'; }
nb_tot1++;
if( sha2_wrapper( line + 66, sum ) != 0 )
{
nb_err1++;
continue;
}
nb_tot2++;
for( i = 0; i < 32; i++ )
sprintf( buf + i * 2, "%02x", sum[i] );
if( memcmp( line, buf, 64 ) != 0 )
{
nb_err2++;
fprintf( stderr, "wrong checksum: %s\n", line + 66 );
}
n = sizeof( line );
}
if( nb_err1 != 0 )
{
printf( "WARNING: %d (out of %d) input files could "
"not be read\n", nb_err1, nb_tot1 );
}
if( nb_err2 != 0 )
{
printf( "WARNING: %d (out of %d) computed checksums did "
"not match\n", nb_err2, nb_tot2 );
}
return( nb_err1 != 0 || nb_err2 != 0 );
}
int main( int argc, char *argv[] )
{
int ret, i;
if( argc == 1 )
{
printf( "print mode: sha2sum <file> <file> ...\n" );
printf( "check mode: sha2sum -c <checksum file>\n" );
#ifdef WIN32
printf( "\n Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( 1 );
}
if( argc == 3 && strcmp( "-c", argv[1] ) == 0 )
return( sha2_check( argv[2] ) );
ret = 0;
for( i = 1; i < argc; i++ )
ret |= sha2_print( argv[i] );
return( ret );
}

249
programs/pkey/dh_client.c Normal file
View File

@@ -0,0 +1,249 @@
/*
* Diffie-Hellman-Merkle key exchange (client side)
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <string.h>
#include <stdio.h>
#include "xyssl/net.h"
#include "xyssl/aes.h"
#include "xyssl/dhm.h"
#include "xyssl/rsa.h"
#include "xyssl/sha1.h"
#include "xyssl/havege.h"
#define SERVER_NAME "localhost"
#define SERVER_PORT 11999
int main( void )
{
FILE *f;
int ret, n, buflen;
int server_fd = -1;
unsigned char *p, *end;
unsigned char buf[1024];
unsigned char hash[20];
havege_state hs;
rsa_context rsa;
dhm_context dhm;
aes_context aes;
memset( &rsa, 0, sizeof( rsa ) );
memset( &dhm, 0, sizeof( dhm ) );
/*
* 1. Setup the RNG
*/
printf( "\n . Seeding the random number generator" );
fflush( stdout );
havege_init( &hs );
/*
* 2. Read the server's public RSA key
*/
printf( "\n . Reading public key from rsa_pub.txt" );
fflush( stdout );
if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
{
ret = 1;
printf( " failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
rsa_init( &rsa, RSA_PKCS_V15, 0, NULL, NULL );
if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 )
{
printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
goto exit;
}
rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3;
fclose( f );
/*
* 3. Initiate the connection
*/
printf( "\n . Connecting to tcp/%s/%d", SERVER_NAME,
SERVER_PORT );
fflush( stdout );
if( ( ret = net_connect( &server_fd, SERVER_NAME,
SERVER_PORT ) ) != 0 )
{
printf( " failed\n ! net_connect returned %d\n\n", ret );
goto exit;
}
/*
* 4a. First get the buffer length
*/
printf( "\n . Receiving the server's DH parameters" );
fflush( stdout );
memset( buf, 0, sizeof( buf ) );
if( ( ret = net_recv( &server_fd, buf, 2 ) ) != 2 )
{
printf( " failed\n ! net_recv returned %d\n\n", ret );
goto exit;
}
n = buflen = ( buf[0] << 8 ) | buf[1];
if( buflen < 1 || buflen > (int) sizeof( buf ) )
{
printf( " failed\n ! Got an invalid buffer length\n\n" );
goto exit;
}
/*
* 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P
*/
memset( buf, 0, sizeof( buf ) );
if( ( ret = net_recv( &server_fd, buf, n ) ) != n )
{
printf( " failed\n ! net_recv returned %d\n\n", ret );
goto exit;
}
p = buf, end = buf + buflen;
if( ( ret = dhm_read_params( &dhm, &p, end ) ) != 0 )
{
printf( " failed\n ! dhm_read_params returned %d\n\n", ret );
goto exit;
}
if( dhm.len < 64 || dhm.len > 256 )
{
ret = 1;
printf( " failed\n ! Invalid DHM modulus size\n\n" );
goto exit;
}
/*
* 5. Check that the server's RSA signature matches
* the SHA-1 hash of (P,G,Ys)
*/
printf( "\n . Verifying the server's RSA signature" );
fflush( stdout );
if( ( n = (int)( end - p ) ) != rsa.len )
{
ret = 1;
printf( " failed\n ! Invalid RSA signature size\n\n" );
goto exit;
}
sha1( buf, (int)( p - 2 - buf ), hash );
if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, RSA_SHA1,
0, hash, p ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
goto exit;
}
/*
* 6. Send our public value: Yc = G ^ Xc mod P
*/
printf( "\n . Sending own public value to server" );
fflush( stdout );
n = dhm.len;
if( ( ret = dhm_make_public( &dhm, 256, buf, n,
havege_rand, &hs ) ) != 0 )
{
printf( " failed\n ! dhm_make_public returned %d\n\n", ret );
goto exit;
}
if( ( ret = net_send( &server_fd, buf, n ) ) != n )
{
printf( " failed\n ! net_send returned %d\n\n", ret );
goto exit;
}
/*
* 7. Derive the shared secret: K = Ys ^ Xc mod P
*/
printf( "\n . Shared secret: " );
fflush( stdout );
n = dhm.len;
if( ( ret = dhm_calc_secret( &dhm, buf, &n ) ) != 0 )
{
printf( " failed\n ! dhm_calc_secret returned %d\n\n", ret );
goto exit;
}
for( n = 0; n < 16; n++ )
printf( "%02x", buf[n] );
/*
* 8. Setup the AES-256 decryption key
*
* This is an overly simplified example; best practice is
* to hash the shared secret with a random value to derive
* the keying material for the encryption/decryption keys,
* IVs and MACs.
*/
printf( "...\n . Receiving and decrypting the ciphertext" );
fflush( stdout );
aes_setkey_dec( &aes, buf, 256 );
memset( buf, 0, sizeof( buf ) );
if( ( ret = net_recv( &server_fd, buf, 16 ) ) != 16 )
{
printf( " failed\n ! net_recv returned %d\n\n", ret );
goto exit;
}
aes_crypt_ecb( &aes, AES_DECRYPT, buf, buf );
buf[16] = '\0';
printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf );
exit:
net_close( server_fd );
rsa_free( &rsa );
dhm_free( &dhm );
#ifdef WIN32
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}

122
programs/pkey/dh_genprime.c Normal file
View File

@@ -0,0 +1,122 @@
/*
* Diffie-Hellman-Merkle key exchange (prime generation)
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <stdio.h>
#include "xyssl/bignum.h"
#include "xyssl/config.h"
#include "xyssl/havege.h"
/*
* Note: G = 4 is always a quadratic residue mod P,
* so it is a generator of order Q (with P = 2*Q+1).
*/
#define DH_P_SIZE 1024
#define GENERATOR "4"
int main( void )
{
int ret = 1;
#if defined(XYSSL_GENPRIME)
mpi G, P, Q;
havege_state hs;
FILE *fout;
mpi_init( &G, &P, &Q, NULL );
mpi_read_string( &G, 10, GENERATOR );
printf( "\n . Seeding the random number generator..." );
fflush( stdout );
havege_init( &hs );
printf( " ok\n . Generating the modulus, please wait..." );
fflush( stdout );
/*
* This can take a long time...
*/
if( ( ret = mpi_gen_prime( &P, DH_P_SIZE, 1,
havege_rand, &hs ) ) != 0 )
{
printf( " failed\n ! mpi_gen_prime returned %d\n\n", ret );
goto exit;
}
printf( " ok\n . Verifying that Q = (P-1)/2 is prime..." );
fflush( stdout );
if( ( ret = mpi_sub_int( &Q, &P, 1 ) ) != 0 )
{
printf( " failed\n ! mpi_sub_int returned %d\n\n", ret );
goto exit;
}
if( ( ret = mpi_div_int( &Q, NULL, &Q, 2 ) ) != 0 )
{
printf( " failed\n ! mpi_div_int returned %d\n\n", ret );
goto exit;
}
if( ( ret = mpi_is_prime( &Q, havege_rand, &hs ) ) != 0 )
{
printf( " failed\n ! mpi_is_prime returned %d\n\n", ret );
goto exit;
}
printf( " ok\n . Exporting the value in dh_prime.txt..." );
fflush( stdout );
if( ( fout = fopen( "dh_prime.txt", "wb+" ) ) == NULL )
{
ret = 1;
printf( " failed\n ! Could not create dh_prime.txt\n\n" );
goto exit;
}
if( ( ret = mpi_write_file( "P = ", &P, 16, fout ) != 0 ) ||
( ret = mpi_write_file( "G = ", &G, 16, fout ) != 0 ) )
{
printf( " failed\n ! mpi_write_file returned %d\n\n", ret );
goto exit;
}
printf( " ok\n\n" );
fclose( fout );
exit:
mpi_free( &Q, &P, &G, NULL );
#else
printf( "\n ! Prime-number generation is not available.\n\n" );
#endif
#ifdef WIN32
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}

2
programs/pkey/dh_prime.txt Normal file
View File

@@ -0,0 +1,2 @@
P = C3CF8BCFD9E88B0CC35EC526F3D63FA001DC9392E6CA81F3B414173955C582758B52038FAFBF402B8C29DC32F5231B0D2E25B252850C7DCDBFF46D0E7989E51DEA07A53BCF7947D4C95EBA28F9CBAFB0267EC3BCF57B15A49964236B56773851D6621E546F410D504F13827218CD14A1FDB69522DC72DD67D880E51B2E00894F
G = 04

252
programs/pkey/dh_server.c Normal file
View File

@@ -0,0 +1,252 @@
/*
* Diffie-Hellman-Merkle key exchange (server side)
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <string.h>
#include <stdio.h>
#include "xyssl/net.h"
#include "xyssl/aes.h"
#include "xyssl/dhm.h"
#include "xyssl/rsa.h"
#include "xyssl/sha1.h"
#include "xyssl/havege.h"
#define SERVER_PORT 11999
#define PLAINTEXT "==Hello there!=="
int main( void )
{
FILE *f;
int ret, n, buflen;
int listen_fd = -1;
int client_fd = -1;
unsigned char buf[1024];
unsigned char hash[20];
unsigned char buf2[2];
havege_state hs;
rsa_context rsa;
dhm_context dhm;
aes_context aes;
memset( &rsa, 0, sizeof( rsa ) );
memset( &dhm, 0, sizeof( dhm ) );
/*
* 1. Setup the RNG
*/
printf( "\n . Seeding the random number generator" );
fflush( stdout );
havege_init( &hs );
/*
* 2a. Read the server's private RSA key
*/
printf( "\n . Reading private key from rsa_priv.txt" );
fflush( stdout );
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
ret = 1;
printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
rsa_init( &rsa, RSA_PKCS_V15, 0, NULL, NULL );
if( ( ret = mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.P , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.Q , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.DP, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
{
printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
goto exit;
}
rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3;
fclose( f );
/*
* 2b. Get the DHM modulus and generator
*/
printf( "\n . Reading DH parameters from dh_prime.txt" );
fflush( stdout );
if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL )
{
ret = 1;
printf( " failed\n ! Could not open dh_prime.txt\n" \
" ! Please run dh_genprime first\n\n" );
goto exit;
}
if( mpi_read_file( &dhm.P, 16, f ) != 0 ||
mpi_read_file( &dhm.G, 16, f ) != 0 )
{
printf( " failed\n ! Invalid DH parameter file\n\n" );
goto exit;
}
fclose( f );
/*
* 3. Wait for a client to connect
*/
printf( "\n . Waiting for a remote connection" );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, NULL, SERVER_PORT ) ) != 0 )
{
printf( " failed\n ! net_bind returned %d\n\n", ret );
goto exit;
}
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
{
printf( " failed\n ! net_accept returned %d\n\n", ret );
goto exit;
}
/*
* 4. Setup the DH parameters (P,G,Ys)
*/
printf( "\n . Sending the server's DH parameters" );
fflush( stdout );
memset( buf, 0, sizeof( buf ) );
if( ( ret = dhm_make_params( &dhm, 256, buf, &n,
havege_rand, &hs ) ) != 0 )
{
printf( " failed\n ! dhm_make_params returned %d\n\n", ret );
goto exit;
}
/*
* 5. Sign the parameters and send them
*/
sha1( buf, n, hash );
buf[n ] = (unsigned char)( rsa.len >> 8 );
buf[n + 1] = (unsigned char)( rsa.len );
if( ( ret = rsa_pkcs1_sign( &rsa, RSA_PRIVATE, RSA_SHA1,
0, hash, buf + n + 2 ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
goto exit;
}
buflen = n + 2 + rsa.len;
buf2[0] = (unsigned char)( buflen >> 8 );
buf2[1] = (unsigned char)( buflen );
if( ( ret = net_send( &client_fd, buf2, 2 ) ) != 2 ||
( ret = net_send( &client_fd, buf, buflen ) ) != buflen )
{
printf( " failed\n ! net_send returned %d\n\n", ret );
goto exit;
}
/*
* 6. Get the client's public value: Yc = G ^ Xc mod P
*/
printf( "\n . Receiving the client's public value" );
fflush( stdout );
memset( buf, 0, sizeof( buf ) );
n = dhm.len;
if( ( ret = net_recv( &client_fd, buf, n ) ) != n )
{
printf( " failed\n ! net_recv returned %d\n\n", ret );
goto exit;
}
if( ( ret = dhm_read_public( &dhm, buf, dhm.len ) ) != 0 )
{
printf( " failed\n ! dhm_read_public returned %d\n\n", ret );
goto exit;
}
/*
* 7. Derive the shared secret: K = Ys ^ Xc mod P
*/
printf( "\n . Shared secret: " );
fflush( stdout );
if( ( ret = dhm_calc_secret( &dhm, buf, &n ) ) != 0 )
{
printf( " failed\n ! dhm_calc_secret returned %d\n\n", ret );
goto exit;
}
for( n = 0; n < 16; n++ )
printf( "%02x", buf[n] );
/*
* 8. Setup the AES-256 encryption key
*
* This is an overly simplified example; best practice is
* to hash the shared secret with a random value to derive
* the keying material for the encryption/decryption keys
* and MACs.
*/
printf( "...\n . Encrypting and sending the ciphertext" );
fflush( stdout );
aes_setkey_enc( &aes, buf, 256 );
memcpy( buf, PLAINTEXT, 16 );
aes_crypt_ecb( &aes, AES_ENCRYPT, buf, buf );
if( ( ret = net_send( &client_fd, buf, 16 ) ) != 16 )
{
printf( " failed\n ! net_send returned %d\n\n", ret );
goto exit;
}
printf( "\n\n" );
exit:
net_close( client_fd );
rsa_free( &rsa );
dhm_free( &dhm );
#ifdef WIN32
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}

76
programs/pkey/mpi_demo.c Normal file
View File

@@ -0,0 +1,76 @@
/*
* Simple MPI demonstration program
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <stdio.h>
#include "xyssl/bignum.h"
int main( void )
{
mpi E, P, Q, N, H, D, X, Y, Z;
mpi_init( &E, &P, &Q, &N, &H,
&D, &X, &Y, &Z, NULL );
mpi_read_string( &P, 10, "2789" );
mpi_read_string( &Q, 10, "3203" );
mpi_read_string( &E, 10, "257" );
mpi_mul_mpi( &N, &P, &Q );
printf( "\n Public key:\n\n" );
mpi_write_file( " N = ", &N, 10, NULL );
mpi_write_file( " E = ", &E, 10, NULL );
printf( "\n Private key:\n\n" );
mpi_write_file( " P = ", &P, 10, NULL );
mpi_write_file( " Q = ", &Q, 10, NULL );
mpi_sub_int( &P, &P, 1 );
mpi_sub_int( &Q, &Q, 1 );
mpi_mul_mpi( &H, &P, &Q );
mpi_inv_mod( &D, &E, &H );
mpi_write_file( " D = E^-1 mod (P-1)*(Q-1) = ",
&D, 10, NULL );
mpi_read_string( &X, 10, "55555" );
mpi_exp_mod( &Y, &X, &E, &N, NULL );
mpi_exp_mod( &Z, &Y, &D, &N, NULL );
printf( "\n RSA operation:\n\n" );
mpi_write_file( " X (plaintext) = ", &X, 10, NULL );
mpi_write_file( " Y (ciphertext) = X^E mod N = ", &Y, 10, NULL );
mpi_write_file( " Z (decrypted) = Y^D mod N = ", &Z, 10, NULL );
printf( "\n" );
mpi_free( &Z, &Y, &X, &D, &H,
&N, &Q, &P, &E, NULL );
#ifdef WIN32
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( 0 );
}

130
programs/pkey/rsa_genkey.c Normal file
View File

@@ -0,0 +1,130 @@
/*
* Example RSA key generation program
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <stdio.h>
#include "xyssl/havege.h"
#include "xyssl/bignum.h"
#include "xyssl/x509.h"
#include "xyssl/rsa.h"
#define KEY_SIZE 1024
#define EXPONENT 65537
int main( void )
{
int ret;
rsa_context rsa;
havege_state hs;
FILE *fpub = NULL;
FILE *fpriv = NULL;
x509_raw cert;
printf( "\n . Seeding the random number generator..." );
fflush( stdout );
havege_init( &hs );
printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
fflush( stdout );
rsa_init( &rsa, RSA_PKCS_V15, 0, havege_rand, &hs );
if( ( ret = rsa_gen_key( &rsa, KEY_SIZE, EXPONENT ) ) != 0 )
{
printf( " failed\n ! rsa_gen_key returned %d\n\n", ret );
goto exit;
}
printf( " ok\n . Exporting the public key in rsa_pub.txt...." );
fflush( stdout );
if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL )
{
printf( " failed\n ! could not open rsa_pub.txt for writing\n\n" );
ret = 1;
goto exit;
}
if( ( ret = mpi_write_file( "N = ", &rsa.N, 16, fpub ) ) != 0 ||
( ret = mpi_write_file( "E = ", &rsa.E, 16, fpub ) ) != 0 )
{
printf( " failed\n ! mpi_write_file returned %d\n\n", ret );
goto exit;
}
printf( " ok\n . Exporting the private key in rsa_priv.txt..." );
fflush( stdout );
if( ( fpriv = fopen( "rsa_priv.txt", "wb+" ) ) == NULL )
{
printf( " failed\n ! could not open rsa_priv.txt for writing\n" );
ret = 1;
goto exit;
}
if( ( ret = mpi_write_file( "N = " , &rsa.N , 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "E = " , &rsa.E , 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "D = " , &rsa.D , 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "P = " , &rsa.P , 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "Q = " , &rsa.Q , 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "DP = ", &rsa.DP, 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "DQ = ", &rsa.DQ, 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "QP = ", &rsa.QP, 16, fpriv ) ) != 0 )
{
printf( " failed\n ! mpi_write_file returned %d\n\n", ret );
goto exit;
}
/*
printf( " ok\n . Generating the certificate..." );
x509write_init_raw( &cert );
x509write_add_pubkey( &cert, &rsa );
x509write_add_subject( &cert, "CN='localhost'" );
x509write_add_validity( &cert, "2007-09-06 17:00:32",
"2010-09-06 17:00:32" );
x509write_create_selfsign( &cert, &rsa );
x509write_crtfile( &cert, "cert.der", X509_OUTPUT_DER );
x509write_crtfile( &cert, "cert.pem", X509_OUTPUT_PEM );
x509write_free_raw( &cert );
*/
printf( " ok\n\n" );
exit:
if( fpub != NULL )
fclose( fpub );
if( fpriv != NULL )
fclose( fpriv );
rsa_free( &rsa );
#ifdef WIN32
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}

8
programs/pkey/rsa_priv.txt Normal file
View File

@@ -0,0 +1,8 @@
N = 807E3526556FADF8D4CA64074ADA36862646D5ECB24E363821306588722AF2B58058CFB88E8C0BEA5C7084F3055D232F110E59C8837A0D132A4B907E91DB4A4924134A85E7445935E55A772C0B72E12C94501D9DF66B71BA030F842531721AEF43AE48F9505BF7504CDEEA3CAA6F94530835648D770AE2E6C628DD484D10AA57
E = 010001
D = 56B3D2AD612D10993D0CAC5E7755B340E6071A46B3322F47C4AD6175A683F06E2482C8F761C88229CBE268F38B0503BEB8A59453C6D3CE8AC6196310E4DEB1CA939DF7F7EE26C4697EEDD1E5122795BFC83861DE2E3EC9E3E84F42B3A9DD25EB09B30FDDFFACCE5091493BC5577530CE9CD9C8BA244EC5FD3DF91BCECFD73961
P = F8DAD6A5651CED9011D979A076D70C4FBD095AAE2E53EF51415832C63AD61618F0BB369F29D1363345FE481FE6C28F0830FE33A1C41F8743A4E02DD682A2E099
Q = 842EABF3171F972DE7D6B571B70F969F8F1C305851785BB042CDAE3B794014659A744EA7D16D881B7168463CEEAF52BA0F78755BBE89CFE1361076CE3E20886F
DP = B1C694047FE1548CD1538D21E703E595A933DF86032E8F0E7B21E8D3D8004CB4F074ADA6B296F4A35863395F20D8E8992F76C9A7CC95C169BF852EF9C9455631
DQ = 143C54E49D289FEB4E2FC78D461A23D3FF83B03F0511E8EF7DFAA0EEC7EC3073318716B7884F3D63FE239985208144A7E950669F09F76D14AC432EFCF9F3DF0F
QP = C2F98F412476BDA2B14F5882D929090C62BB24ED74E8B78A3BE287EABDB3FADC445D041F1DE04EBE2D39A8913DAF03C23FF632D1B3FB6CCBDD65B2A576F127F5

2
programs/pkey/rsa_pub.txt Normal file
View File

@@ -0,0 +1,2 @@
N = 807E3526556FADF8D4CA64074ADA36862646D5ECB24E363821306588722AF2B58058CFB88E8C0BEA5C7084F3055D232F110E59C8837A0D132A4B907E91DB4A4924134A85E7445935E55A772C0B72E12C94501D9DF66B71BA030F842531721AEF43AE48F9505BF7504CDEEA3CAA6F94530835648D770AE2E6C628DD484D10AA57
E = 010001

130
programs/pkey/rsa_sign.c Normal file
View File

@@ -0,0 +1,130 @@
/*
* RSA/SHA-1 signature creation program
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <string.h>
#include <stdio.h>
#include "xyssl/rsa.h"
#include "xyssl/sha1.h"
int main( int argc, char *argv[] )
{
FILE *f;
int ret, i;
rsa_context rsa;
unsigned char hash[20];
unsigned char buf[512];
ret = 1;
if( argc != 2 )
{
printf( "usage: rsa_sign <filename>\n" );
#ifdef WIN32
printf( "\n" );
#endif
goto exit;
}
printf( "\n . Reading private key from rsa_priv.txt" );
fflush( stdout );
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
ret = 1;
printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
rsa_init( &rsa, RSA_PKCS_V15, 0, NULL, NULL );
if( ( ret = mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.P , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.Q , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.DP, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
{
printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
goto exit;
}
rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3;
fclose( f );
/*
* Compute the SHA-1 hash of the input file,
* then calculate the RSA signature of the hash.
*/
printf( "\n . Generating the RSA/SHA-1 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
{
printf( " failed\n ! Could not open or read %s\n\n", argv[1] );
goto exit;
}
if( ( ret = rsa_pkcs1_sign( &rsa, RSA_PRIVATE, RSA_SHA1,
20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
goto exit;
}
/*
* Write the signature into <filename>-sig.txt
*/
memcpy( argv[1] + strlen( argv[1] ), ".sig", 5 );
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
ret = 1;
printf( " failed\n ! Could not create %s\n\n", argv[1] );
goto exit;
}
for( i = 0; i < rsa.len; i++ )
fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );
fclose( f );
printf( "\n . Done (created \"%s\")\n\n", argv[1] );
exit:
#ifdef WIN32
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}

133
programs/pkey/rsa_verify.c Normal file
View File

@@ -0,0 +1,133 @@
/*
* RSA/SHA-1 signature verification program
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <string.h>
#include <stdio.h>
#include "xyssl/rsa.h"
#include "xyssl/sha1.h"
int main( int argc, char *argv[] )
{
FILE *f;
int ret, i, c;
rsa_context rsa;
unsigned char hash[20];
unsigned char buf[512];
ret = 1;
if( argc != 2 )
{
printf( "usage: rsa_verify <filename>\n" );
#ifdef WIN32
printf( "\n" );
#endif
goto exit;
}
printf( "\n . Reading public key from rsa_pub.txt" );
fflush( stdout );
if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
{
printf( " failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
rsa_init( &rsa, RSA_PKCS_V15, 0, NULL, NULL );
if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 )
{
printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
goto exit;
}
rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3;
fclose( f );
/*
* Extract the RSA signature from the text file
*/
ret = 1;
i = strlen( argv[1] );
memcpy( argv[1] + i, ".sig", 5 );
if( ( f = fopen( argv[1], "rb" ) ) == NULL )
{
printf( "\n ! Could not open %s\n\n", argv[1] );
goto exit;
}
argv[1][i] = '\0', i = 0;
while( fscanf( f, "%02X", &c ) > 0 &&
i < (int) sizeof( buf ) )
buf[i++] = (unsigned char) c;
fclose( f );
if( i != rsa.len )
{
printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;
}
/*
* Compute the SHA-1 hash of the input file and compare
* it with the hash decrypted from the RSA signature.
*/
printf( "\n . Verifying the RSA/SHA-1 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
{
printf( " failed\n ! Could not open or read %s\n\n", argv[1] );
goto exit;
}
if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, RSA_SHA1,
20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
goto exit;
}
printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" );
ret = 0;
exit:
#ifdef WIN32
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}

144
programs/ssl/CA-HOWTO.txt Normal file
View File

@@ -0,0 +1,144 @@
How to setup your own Certificate Authority
===========================================
Note: this howto requires the openssl binary, as well as classic
UNIX tools (cat, touch, echo). If you use Windows, please consider
installing Cygwin -- see http://cygwin.com/
1. Configure OpenSSL
--------------------
First of all, create sslconf.txt in the current directory
(a basic example is provided at the end of this file).
cat > sslconf.txt <<"EOF"
[paste contents here]
EOF
Then you need to create the database and a starting serial number:
touch index
echo "01" > serial
mkdir newcerts
2. Generate the CA certificate
------------------------------
openssl req -config sslconf.txt -days 3653 -x509 -newkey rsa:2048 \
-set_serial 0 -text -keyout test-ca.key -out test-ca.crt
3. Generate the private keys and certificate requests
-----------------------------------------------------
openssl genrsa -out server1.key 2048
openssl genrsa -out server2.key 2048
openssl genrsa -out client1.key 2048
openssl genrsa -out client2.key 2048
openssl req -config sslconf.txt -new -key server1.key -out server1.req
openssl req -config sslconf.txt -new -key server2.key -out server2.req
openssl req -config sslconf.txt -new -key client1.key -out client1.req
openssl req -config sslconf.txt -new -key client2.key -out client2.req
4. Issue and sign the certificates
----------------------------------
openssl ca -config sslconf.txt -in server1.req -out server1.crt
openssl ca -config sslconf.txt -in server2.req -out server2.crt
openssl ca -config sslconf.txt -in client1.req -out client1.crt
openssl ca -config sslconf.txt -in client2.req -out client2.crt
5. To revoke a certificate and update the CRL
---------------------------------------------
openssl ca -config sslconf.txt -revoke server1.crt
openssl ca -config sslconf.txt -revoke client1.crt
openssl ca -config sslconf.txt -gencrl -out crl.pem
6. To display a certificate and verify its validity
---------------------------------------------------
openssl x509 -in server2.crt -text -noout
cat test-ca.crt crl.pem > ca_crl.pem
openssl verify -CAfile ca_crl.pem -crl_check server2.crt
rm ca_crl.pem
7. To export a certificate into a .pfx file
-------------------------------------------
openssl pkcs12 -export -in client2.crt -inkey client2.key \
-out client2.pfx
##================================================================
##============== Example OpenSSL configuration file ==============
##================================================================
# References:
#
# /etc/ssl/openssl.conf
# http://www.openssl.org/docs/apps/config.html
# http://www.openssl.org/docs/apps/x509v3_config.html
[ ca ]
default_ca = my_ca
[ my_ca ]
certificate = test-ca.crt
private_key = test-ca.key
database = index
serial = serial
new_certs_dir = newcerts
default_crl_days = 60
default_days = 730
default_md = sha1
policy = my_policy
x509_extensions = v3_usr
[ my_policy ]
countryName = optional
stateOrProvinceName = optional
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
distinguished_name = my_req_dn
x509_extensions = v3_ca
[ my_req_dn ]
countryName = Country Name..............
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name....
localityName = Locality Name.............
0.organizationName = Organization Name.........
organizationalUnitName = Org. Unit Name............
commonName = Common Name (required)....
commonName_max = 64
emailAddress = Email Address.............
emailAddress_max = 64
[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
[ v3_usr ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer

172
programs/ssl/ssl_client1.c Normal file
View File

@@ -0,0 +1,172 @@
/*
* SSL client demonstration program
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <string.h>
#include <stdio.h>
#include "xyssl/net.h"
#include "xyssl/ssl.h"
#include "xyssl/havege.h"
#define SERVER_PORT 443
/*
#define SERVER_NAME "localhost"
#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
*/
#define SERVER_NAME "xyssl.org"
#define GET_REQUEST \
"GET /hello/ HTTP/1.1\r\n" \
"Host: xyssl.org\r\n\r\n"
#define DEBUG_LEVEL 0
void my_debug( void *ctx, int level, char *str )
{
if( level < DEBUG_LEVEL )
{
fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
}
int main( void )
{
int ret, len, server_fd;
unsigned char buf[1024];
havege_state hs;
ssl_context ssl;
ssl_session ssn;
/*
* 0. Initialize the RNG and the session data
*/
havege_init( &hs );
memset( &ssn, 0, sizeof( ssl_session ) );
/*
* 1. Start the connection
*/
printf( "\n . Connecting to tcp/%s/%4d...", SERVER_NAME,
SERVER_PORT );
fflush( stdout );
if( ( ret = net_connect( &server_fd, SERVER_NAME,
SERVER_PORT ) ) != 0 )
{
printf( " failed\n ! net_connect returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 2. Setup stuff
*/
printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
ssl_set_rng( &ssl, havege_rand, &hs );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
ssl_set_ciphers( &ssl, ssl_default_ciphers );
ssl_set_session( &ssl, 1, 600, &ssn );
/*
* 3. Write the GET request
*/
printf( " > Write to server:" );
fflush( stdout );
len = sprintf( (char *) buf, GET_REQUEST );
while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
{
if( ret != XYSSL_ERR_NET_TRY_AGAIN )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
printf( " %d bytes written\n\n%s", len, (char *) buf );
/*
* 7. Read the HTTP response
*/
printf( " < Read from server:" );
fflush( stdout );
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = ssl_read( &ssl, buf, len );
if( ret == XYSSL_ERR_NET_TRY_AGAIN )
continue;
if( ret == XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
break;
if( ret <= 0 )
{
printf( "failed\n ! ssl_read returned %d\n\n", ret );
break;
}
len = ret;
printf( " %d bytes read\n\n%s", len, (char *) buf );
}
while( 0 );
ssl_close_notify( &ssl );
exit:
net_close( server_fd );
ssl_free( &ssl );
memset( &ssl, 0, sizeof( ssl ) );
#ifdef WIN32
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}

283
programs/ssl/ssl_client2.c Normal file
View File

@@ -0,0 +1,283 @@
/*
* SSL client with certificate authentication
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <string.h>
#include <stdio.h>
#include "xyssl/net.h"
#include "xyssl/ssl.h"
#include "xyssl/havege.h"
#include "xyssl/certs.h"
#include "xyssl/x509.h"
#define SERVER_PORT 443
/*
#define SERVER_NAME "localhost"
#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
*/
#define SERVER_NAME "xyssl.org"
#define GET_REQUEST \
"GET /hello/ HTTP/1.1\r\n" \
"Host: xyssl.org\r\n\r\n"
#define DEBUG_LEVEL 0
void my_debug( void *ctx, int level, char *str )
{
if( level < DEBUG_LEVEL )
{
fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
}
int main( void )
{
int ret, len, server_fd;
unsigned char buf[1024];
havege_state hs;
ssl_context ssl;
ssl_session ssn;
x509_cert cacert;
x509_cert clicert;
rsa_context rsa;
/*
* 0. Initialize the RNG and the session data
*/
havege_init( &hs );
memset( &ssn, 0, sizeof( ssl_session ) );
/*
* 1.1. Load the trusted CA
*/
printf( "\n . Loading the CA root certificate ..." );
fflush( stdout );
memset( &cacert, 0, sizeof( x509_cert ) );
/*
* Alternatively, you may load the CA certificates from a .pem or
* .crt file by calling x509parse_crtfile( &cacert, "myca.crt" ).
*/
ret = x509parse_crt( &cacert, (unsigned char *) xyssl_ca_crt,
strlen( xyssl_ca_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 1.2. Load own certificate and private key
*
* (can be skipped if client authentication is not required)
*/
printf( " . Loading the client cert. and key..." );
fflush( stdout );
memset( &clicert, 0, sizeof( x509_cert ) );
ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
strlen( test_cli_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
goto exit;
}
ret = x509parse_key( &rsa, (unsigned char *) test_cli_key,
strlen( test_cli_key ), NULL, 0 );
if( ret != 0 )
{
printf( " failed\n ! x509parse_key returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 2. Start the connection
*/
printf( " . Connecting to tcp/%s/%-4d...", SERVER_NAME,
SERVER_PORT );
fflush( stdout );
if( ( ret = net_connect( &server_fd, SERVER_NAME,
SERVER_PORT ) ) != 0 )
{
printf( " failed\n ! net_connect returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 3. Setup stuff
*/
printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
havege_init( &hs );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
ssl_set_rng( &ssl, havege_rand, &hs );
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
ssl_set_ciphers( &ssl, ssl_default_ciphers );
ssl_set_session( &ssl, 1, 600, &ssn );
ssl_set_ca_chain( &ssl, &cacert, SERVER_NAME );
ssl_set_own_cert( &ssl, &clicert, &rsa );
ssl_set_hostname( &ssl, SERVER_NAME );
/*
* 4. Handshake
*/
printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != XYSSL_ERR_NET_TRY_AGAIN )
{
printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
goto exit;
}
}
printf( " ok\n [ Cipher is %s ]\n",
ssl_get_cipher( &ssl ) );
/*
* 5. Verify the server certificate
*/
printf( " . Verifying peer X.509 certificate..." );
if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
{
printf( " failed\n" );
if( ( ret & BADCERT_EXPIRED ) != 0 )
printf( " ! server certificate has expired\n" );
if( ( ret & BADCERT_REVOKED ) != 0 )
printf( " ! server certificate has been revoked\n" );
if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
printf( " ! CN mismatch (expected CN=%s)\n", SERVER_NAME );
if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
printf( " ! self-signed or not signed by a trusted CA\n" );
printf( "\n" );
}
else
printf( " ok\n" );
printf( " . Peer certificate information ...\n" );
printf( x509parse_cert_info( " ", ssl.peer_cert ) );
/*
* 6. Write the GET request
*/
printf( " > Write to server:" );
fflush( stdout );
len = sprintf( (char *) buf, GET_REQUEST );
while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
{
if( ret != XYSSL_ERR_NET_TRY_AGAIN )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
printf( " %d bytes written\n\n%s", len, (char *) buf );
/*
* 7. Read the HTTP response
*/
printf( " < Read from server:" );
fflush( stdout );
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = ssl_read( &ssl, buf, len );
if( ret == XYSSL_ERR_NET_TRY_AGAIN )
continue;
if( ret == XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
break;
if( ret <= 0 )
{
printf( "failed\n ! ssl_read returned %d\n\n", ret );
break;
}
len = ret;
printf( " %d bytes read\n\n%s", len, (char *) buf );
}
while( 0 );
ssl_close_notify( &ssl );
exit:
net_close( server_fd );
x509_free( &clicert );
x509_free( &cacert );
rsa_free( &rsa );
ssl_free( &ssl );
memset( &ssl, 0, sizeof( ssl ) );
#ifdef WIN32
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}

399
programs/ssl/ssl_server.c Normal file
View File

@@ -0,0 +1,399 @@
/*
* SSL server demonstration program
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#ifdef WIN32
#include <windows.h>
#endif
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include "xyssl/havege.h"
#include "xyssl/certs.h"
#include "xyssl/x509.h"
#include "xyssl/ssl.h"
#include "xyssl/net.h"
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
"<h2><p><center>Successful connection using: %s\r\n"
/*
* Computing a "safe" DH-1024 prime can take a very
* long time, so a precomputed value is provided below.
* You may run dh_genprime to generate a new value.
*/
char *my_dhm_P =
"E4004C1F94182000103D883A448B3F80" \
"2CE4B44A83301270002C20D0321CFD00" \
"11CCEF784C26A400F43DFB901BCA7538" \
"F2C6B176001CF5A0FD16D2C48B1D0C1C" \
"F6AC8E1DA6BCC3B4E1F96B0564965300" \
"FFA1D0B601EB2800F489AA512C4B248C" \
"01F76949A60BB7F00A40B1EAB64BDD48" \
"E8A700D60B7F1200FA8E77B0A979DABF";
char *my_dhm_G = "4";
/*
* Sorted by order of preference
*/
int my_ciphers[] =
{
SSL_EDH_RSA_AES_256_SHA,
SSL_EDH_RSA_DES_168_SHA,
SSL_RSA_AES_256_SHA,
SSL_RSA_AES_128_SHA,
SSL_RSA_DES_168_SHA,
SSL_RSA_RC4_128_SHA,
SSL_RSA_RC4_128_MD5,
0
};
#define DEBUG_LEVEL 0
void my_debug( void *ctx, int level, char *str )
{
if( level < DEBUG_LEVEL )
{
fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
}
/*
* These session callbacks use a simple chained list
* to store and retrieve the session information.
*/
ssl_session *s_list_1st = NULL;
ssl_session *cur, *prv;
static int my_get_session( ssl_context *ssl )
{
time_t t = time( NULL );
if( ssl->resume == 0 )
return( 1 );
cur = s_list_1st;
prv = NULL;
while( cur != NULL )
{
prv = cur;
cur = cur->next;
if( ssl->timeout != 0 && t - prv->start > ssl->timeout )
continue;
if( ssl->session->cipher != prv->cipher ||
ssl->session->length != prv->length )
continue;
if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
continue;
memcpy( ssl->session->master, prv->master, 48 );
return( 0 );
}
return( 1 );
}
static int my_set_session( ssl_context *ssl )
{
time_t t = time( NULL );
cur = s_list_1st;
prv = NULL;
while( cur != NULL )
{
if( ssl->timeout != 0 && t - cur->start > ssl->timeout )
break; /* expired, reuse this slot */
if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
break; /* client reconnected */
prv = cur;
cur = cur->next;
}
if( cur == NULL )
{
cur = (ssl_session *) malloc( sizeof( ssl_session ) );
if( cur == NULL )
return( 1 );
if( prv == NULL )
s_list_1st = cur;
else prv->next = cur;
}
memcpy( cur, ssl->session, sizeof( ssl_session ) );
return( 0 );
}
int main( void )
{
int ret, len;
int listen_fd;
int client_fd;
unsigned char buf[1024];
havege_state hs;
ssl_context ssl;
ssl_session ssn;
x509_cert srvcert;
rsa_context rsa;
/*
* 1. Load the certificates and private RSA key
*/
printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
memset( &srvcert, 0, sizeof( x509_cert ) );
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use x509parse_crtfile() to read the
* server and CA certificates, as well as x509parse_keyfile().
*/
ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
strlen( test_srv_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
goto exit;
}
ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
strlen( test_ca_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
goto exit;
}
ret = x509parse_key( &rsa, (unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
printf( " failed\n ! x509parse_key returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 2. Setup the listening TCP socket
*/
printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
{
printf( " failed\n ! net_bind returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 3. Wait until a client connects
*/
#ifdef WIN32
ShellExecute( NULL, "open", "https://localhost:4433/",
NULL, NULL, SW_SHOWNORMAL );
#endif
client_fd = -1;
memset( &ssl, 0, sizeof( ssl ) );
accept:
net_close( client_fd );
ssl_free( &ssl );
printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
{
printf( " failed\n ! net_accept returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 4. Setup stuff
*/
printf( " . Setting up the RNG and SSL data...." );
fflush( stdout );
havege_init( &hs );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto accept;
}
printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
ssl_set_rng( &ssl, havege_rand, &hs );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
ssl_set_scb( &ssl, my_get_session,
my_set_session );
ssl_set_ciphers( &ssl, my_ciphers );
ssl_set_session( &ssl, 1, 0, &ssn );
memset( &ssn, 0, sizeof( ssl_session ) );
ssl_set_ca_chain( &ssl, srvcert.next, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );
/*
* 5. Handshake
*/
printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != XYSSL_ERR_NET_TRY_AGAIN )
{
printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
goto accept;
}
}
printf( " ok\n" );
/*
* 6. Read the HTTP Request
*/
printf( " < Read from client:" );
fflush( stdout );
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = ssl_read( &ssl, buf, len );
if( ret == XYSSL_ERR_NET_TRY_AGAIN )
continue;
if( ret <= 0 )
{
switch( ret )
{
case XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
printf( " connection was closed gracefully\n" );
break;
case XYSSL_ERR_NET_CONN_RESET:
printf( " connection was reset by peer\n" );
break;
default:
printf( " ssl_read returned %d\n", ret );
break;
}
break;
}
len = ret;
printf( " %d bytes read\n\n%s", len, (char *) buf );
}
while( 0 );
/*
* 7. Write the 200 Response
*/
printf( " > Write to client:" );
fflush( stdout );
len = sprintf( (char *) buf, HTTP_RESPONSE,
ssl_get_cipher( &ssl ) );
while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
{
if( ret == XYSSL_ERR_NET_CONN_RESET )
{
printf( " failed\n ! peer closed the connection\n\n" );
goto accept;
}
if( ret != XYSSL_ERR_NET_TRY_AGAIN )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
printf( " %d bytes written\n\n%s\n", len, (char *) buf );
ssl_close_notify( &ssl );
goto accept;
exit:
net_close( client_fd );
x509_free( &srvcert );
rsa_free( &rsa );
ssl_free( &ssl );
cur = s_list_1st;
while( cur != NULL )
{
prv = cur;
cur = cur->next;
memset( prv, 0, sizeof( ssl_session ) );
free( prv );
}
memset( &ssl, 0, sizeof( ssl_context ) );
#ifdef WIN32
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}

76
programs/ssl/test-ca/client1.crt Normal file
View File

@@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=XySSL, CN=XySSL Test CA
Validity
Not Before: Nov 29 19:50:42 2007 GMT
Not After : Nov 28 19:50:42 2009 GMT
Subject: O=XySSL, CN=Test User 1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:a7:2b:e9:c3:d5:68:7c:e7:4b:23:20:31:c8:0e:
be:9f:c8:e6:b6:a7:09:c5:59:67:ab:6d:e9:f3:7e:
b2:e7:3b:1c:99:28:33:e0:b8:e9:8b:ee:45:a3:de:
91:f8:03:59:34:f1:b6:e0:b3:62:33:45:87:64:8e:
59:d3:34:4f:f9:fb:3c:64:53:a2:f2:53:20:97:a3:
2b:fe:6d:c4:f3:38:83:02:92:c8:cb:8f:9e:d9:d3:
5e:87:36:ec:17:b3:50:5b:68:b7:03:04:e2:90:2f:
d4:0e:48:40:b1:ad:11:28:de:8a:a9:4c:df:20:05:
47:8a:ef:ba:24:09:fa:ec:f6:d4:f1:0f:a1:31:b7:
f0:54:d5:d5:23:19:1e:41:6d:b7:96:17:81:ff:b3:
1e:83:92:76:4b:7c:ce:b1:8f:18:b0:69:20:60:f9:
41:8b:04:ae:89:84:a8:20:48:ae:f3:1f:50:ec:1c:
61:97:bd:81:50:54:61:5d:23:c3:c2:84:ed:19:1b:
ee:0f:22:38:28:de:51:04:41:6d:e1:82:43:76:e7:
7b:40:fd:84:ea:9e:e8:d8:da:c2:72:c4:31:c6:b0:
ca:ce:ac:7b:5c:fa:43:15:5f:41:1c:21:be:dc:96:
95:d6:77:16:ef:1d:51:8d:10:65:aa:f5:9e:f8:47:
6a:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
F2:C4:96:02:CF:BF:C1:AA:B0:D2:1A:DA:E7:F3:4B:2C:5D:D1:DF:14
X509v3 Authority Key Identifier:
keyid:F2:67:B1:5D:5F:51:5E:DA:51:89:E9:D9:E9:6B:CA:8B:AF:A5:2E:69
Signature Algorithm: sha1WithRSAEncryption
ca:29:3f:44:90:8d:9c:c6:0d:f9:e2:a9:50:d8:e5:d6:0a:e0:
be:6e:48:fb:e8:7a:f4:5f:50:dc:6b:d1:76:a5:f9:88:91:96:
62:e5:66:89:da:eb:17:01:f7:d0:d2:f7:3b:35:78:dd:80:45:
d0:64:32:13:67:20:a8:fc:d8:62:e1:44:d4:ae:41:37:2e:e7:
63:94:37:66:61:3b:38:e9:7d:8a:b6:18:d4:b7:2c:59:ea:46:
a0:ed:ab:84:79:04:be:da:0f:9e:2d:68:34:a0:06:63:fa:33:
61:bc:8a:00:07:62:c3:81:11:0d:28:d9:80:8f:51:a2:db:be:
23:16:a4:37:65:18:72:34:17:c2:a9:63:e3:5f:f4:0e:7c:58:
5e:e4:a5:44:8f:6b:23:ba:18:4e:e3:0c:25:2a:86:ee:5d:c2:
a2:e7:92:8d:a8:84:77:ef:b5:9c:af:2c:53:5d:4c:1b:eb:96:
a4:56:27:f5:bf:cb:82:91:51:6e:8a:f4:49:6a:84:39:44:a3:
23:7e:d0:83:ce:2b:4a:5f:18:1b:d1:1f:74:14:6f:91:da:1a:
ee:95:1d:ee:c7:9e:77:a2:df:1c:22:72:c2:08:bc:98:60:a0:
d6:5f:eb:d8:e8:ad:b3:f5:05:c4:1a:9b:a9:8d:29:83:7e:26:
62:fa:e3:79
-----BEGIN CERTIFICATE-----
MIIDFjCCAf6gAwIBAgIBAzANBgkqhkiG9w0BAQUFADAoMQ4wDAYDVQQKEwVYeVNT
TDEWMBQGA1UEAxMNWHlTU0wgVGVzdCBDQTAeFw0wNzExMjkxOTUwNDJaFw0wOTEx
MjgxOTUwNDJaMCYxDjAMBgNVBAoTBVh5U1NMMRQwEgYDVQQDEwtUZXN0IFVzZXIg
MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcr6cPVaHznSyMgMcgO
vp/I5ranCcVZZ6tt6fN+suc7HJkoM+C46YvuRaPekfgDWTTxtuCzYjNFh2SOWdM0
T/n7PGRTovJTIJejK/5txPM4gwKSyMuPntnTXoc27BezUFtotwME4pAv1A5IQLGt
ESjeiqlM3yAFR4rvuiQJ+uz21PEPoTG38FTV1SMZHkFtt5YXgf+zHoOSdkt8zrGP
GLBpIGD5QYsEromEqCBIrvMfUOwcYZe9gVBUYV0jw8KE7Rkb7g8iOCjeUQRBbeGC
Q3bne0D9hOqe6NjawnLEMcawys6se1z6QxVfQRwhvtyWldZ3Fu8dUY0QZar1nvhH
akECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU8sSWAs+/waqw0hra5/NL
LF3R3xQwHwYDVR0jBBgwFoAU8mexXV9RXtpRienZ6WvKi6+lLmkwDQYJKoZIhvcN
AQEFBQADggEBAMopP0SQjZzGDfniqVDY5dYK4L5uSPvoevRfUNxr0Xal+YiRlmLl
Zona6xcB99DS9zs1eN2ARdBkMhNnIKj82GLhRNSuQTcu52OUN2ZhOzjpfYq2GNS3
LFnqRqDtq4R5BL7aD54taDSgBmP6M2G8igAHYsOBEQ0o2YCPUaLbviMWpDdlGHI0
F8KpY+Nf9A58WF7kpUSPayO6GE7jDCUqhu5dwqLnko2ohHfvtZyvLFNdTBvrlqRW
J/W/y4KRUW6K9ElqhDlEoyN+0IPOK0pfGBvRH3QUb5HaGu6VHe7Hnnei3xwicsII
vJhgoNZf69jorbP1BcQam6mNKYN+JmL643k=
-----END CERTIFICATE-----

27
programs/ssl/test-ca/client1.key Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEApyvpw9VofOdLIyAxyA6+n8jmtqcJxVlnq23p836y5zscmSgz
4Ljpi+5Fo96R+ANZNPG24LNiM0WHZI5Z0zRP+fs8ZFOi8lMgl6Mr/m3E8ziDApLI
y4+e2dNehzbsF7NQW2i3AwTikC/UDkhAsa0RKN6KqUzfIAVHiu+6JAn67PbU8Q+h
MbfwVNXVIxkeQW23lheB/7Meg5J2S3zOsY8YsGkgYPlBiwSuiYSoIEiu8x9Q7Bxh
l72BUFRhXSPDwoTtGRvuDyI4KN5RBEFt4YJDdud7QP2E6p7o2NrCcsQxxrDKzqx7
XPpDFV9BHCG+3JaV1ncW7x1RjRBlqvWe+EdqQQIDAQABAoIBAQCmgiHUMnNhvYtk
kEOlbbJHOvc6RQSBcjzFTrRxGOifUox4rMeHdQcCnrD0uNMRglxPVNb/1wzf3sgt
y3AC458pcinEEF5EGbJj913xjWpXjBlJ7eRchVAGzPbhnT3pmWxXr+Rh+HKmhU0l
cKgnkSd/WrIoUW4I2dlZtM/l557seI3Mz34MdWfPgMRdHUFhOa0iJakHtYt1/o4/
adxjoIdwAjerru0g918frKb3vi13ir67UMrh/A0uUPsVMi/hSZvuT0c2C+Kd+xtH
e0ttWZ6x8eBEzsimghz2YuaQs4OyPwZHP0unRRpN+Am453b2VjnKPF/S2qFCNOMq
jWnxyKrBAoGBANx93if4pTTwYeQop4EtYWmfr2OEX9syZzIbv4i1cPQTQo7stDGA
wX32ytFYvQwm7GZmmHp1buPrfOrYgmD5T29wfjETNqttKxzmJ+aXa30t7UnTH04H
NCU7O4xAVrFcNeZ4+7o6CwbjHKzflaJXeWlkl/X8hWXUiMAGz6nOKcfpAoGBAMIX
1cCRTYqfM804Yql1F23b2nX8fFy6VqbWk/ViFWKwamdn0+C3ffLuULnK0s6Xya3G
/6Ecr/6/+H+KlSNRhenOHHasdhA02QwlEgHFXHG53NSCLLTXjf/LAUNyOvjlnL8P
tWDqBOWJg4M9aMvsxdv7ALPa/pd7d7kodDvccXCZAoGAI16pkX3oeoqJGYGQBT/T
XY85Ilysx8vZFAexfOumN/ES/zxnV32RDHTXaiezA80GpRKWKSbHaBZxjna2y3mS
zYydIaA0Z+F2RgeBpRLrMkR4yRvt7KVpLwPGdKQphAAHwXXs453GAQ/TnMOtDEK9
/jMd0V71wzUJzswI6fNhbmkCgYByIiX16PvaCigiA4gw8cPnPCNIwkI3HPQbg47Z
+uVsdST8zZdQS1Zq5izeNCCmj6du4tgrW306ppRwG4P7ktLWW/ds6Zk7ingfpiTi
mbX0wkDTTgEQDrlXs354tNFsz0jPKWOVK8fZWnXVVOUtFXx8ESuml56iYV5TqTBA
iy7B8QKBgFrmftKKVycQ3EofuhVz2TlxBK+SLnhjNyGyLm6mIgyn09g837ObxMkC
s/zkUNoZVEW1qcFg10yyqB5F5r94h1qwyTRFPQoBHU88JHMBAkyWMy3yR9z/ca+r
AzK+oYwtRcRsLdWaMN+nHkJESRZg8QPvT6YJlvRHMEExYndqovRJ
-----END RSA PRIVATE KEY-----

76
programs/ssl/test-ca/client2.crt Normal file
View File

@@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=XySSL, CN=XySSL Test CA
Validity
Not Before: Nov 29 19:50:48 2007 GMT
Not After : Nov 28 19:50:48 2009 GMT
Subject: O=XySSL, CN=Test User 2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:e5:7b:e1:94:06:e5:dd:20:0a:0d:6a:4f:9e:2c:
43:ea:74:f8:af:90:ab:60:7e:45:17:27:d9:1b:1d:
90:44:97:42:45:67:22:32:d5:eb:97:4e:76:ef:45:
99:3f:80:29:c5:45:94:7d:43:c0:0b:01:bd:ac:9c:
9d:cf:ff:3f:ea:1e:04:1c:2a:70:94:ff:6b:d1:63:
6f:cd:b0:5f:1d:bf:d6:45:f2:e1:32:17:18:87:b4:
79:39:52:01:23:50:5d:8d:10:89:02:c7:e8:a8:67:
a5:14:41:0f:1a:d7:25:2b:91:f8:6a:c6:5d:e3:b0:
fe:30:7c:47:56:95:93:e1:e8:e4:74:e5:1f:bf:00:
32:49:8e:f7:1d:29:07:68:4c:8e:ca:6f:84:96:37:
37:3d:ee:92:1d:15:b3:18:30:ef:a0:46:b1:6e:7b:
ec:d4:a6:27:8d:11:f9:35:31:9c:91:04:c8:e2:8a:
ac:4f:cb:b4:49:b0:92:2b:82:59:4e:69:00:62:51:
4f:5d:10:72:54:03:5c:24:39:8a:fb:39:6b:c1:da:
84:10:15:c3:04:cb:31:26:91:b8:0a:b1:b5:32:69:
ec:0f:64:a7:51:53:dc:64:13:b1:c2:ec:fc:55:0a:
d8:f5:22:e7:c4:d9:4f:73:8d:85:b6:cc:8b:2a:51:
76:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
72:A9:55:09:13:A6:61:1E:1D:9F:00:BA:AF:93:D9:8D:69:86:1D:20
X509v3 Authority Key Identifier:
keyid:F2:67:B1:5D:5F:51:5E:DA:51:89:E9:D9:E9:6B:CA:8B:AF:A5:2E:69
Signature Algorithm: sha1WithRSAEncryption
68:32:9c:c5:ea:15:03:a3:2a:5b:e0:3b:ef:02:72:72:5e:5f:
57:b3:32:1f:a8:46:93:33:38:75:92:5f:41:e3:99:97:3a:f2:
0d:7d:2b:71:81:31:a7:ff:15:28:e8:f1:fe:d4:c1:83:2b:0b:
1a:1b:6c:b3:81:01:e1:4c:77:51:8b:09:2d:7f:da:52:2c:f5:
9e:38:a7:59:b8:cc:dc:f5:42:d4:3f:7f:22:96:7e:4a:89:f0:
cc:6e:77:f0:ee:79:d3:82:20:7a:0c:17:e2:c8:14:77:81:cd:
bf:34:27:76:7c:c2:eb:4f:93:dd:0a:a3:ee:2e:b9:f6:8a:d2:
7f:0b:f0:69:0f:90:05:6e:d6:ca:23:91:6d:38:68:28:2b:c7:
2d:99:17:c7:2a:1b:a6:1b:78:ea:68:56:cb:2e:83:d4:98:54:
1f:a5:77:cd:88:59:9c:bd:a2:88:70:4e:f4:68:f0:0e:70:45:
9c:c0:ef:d4:48:f0:14:cc:24:b5:47:40:08:07:2f:df:78:0b:
0b:50:f6:49:85:41:8c:48:12:78:3a:67:67:d9:82:09:0f:54:
a5:fe:14:7c:d4:21:60:a2:45:2b:ea:97:df:38:cc:f5:5a:cd:
4d:62:5a:a1:cf:51:cb:93:36:2e:c7:17:ec:77:89:06:f2:c9:
55:70:96:f3
-----BEGIN CERTIFICATE-----
MIIDFjCCAf6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADAoMQ4wDAYDVQQKEwVYeVNT
TDEWMBQGA1UEAxMNWHlTU0wgVGVzdCBDQTAeFw0wNzExMjkxOTUwNDhaFw0wOTEx
MjgxOTUwNDhaMCYxDjAMBgNVBAoTBVh5U1NMMRQwEgYDVQQDEwtUZXN0IFVzZXIg
MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOV74ZQG5d0gCg1qT54s
Q+p0+K+Qq2B+RRcn2RsdkESXQkVnIjLV65dOdu9FmT+AKcVFlH1DwAsBvaycnc//
P+oeBBwqcJT/a9Fjb82wXx2/1kXy4TIXGIe0eTlSASNQXY0QiQLH6KhnpRRBDxrX
JSuR+GrGXeOw/jB8R1aVk+Ho5HTlH78AMkmO9x0pB2hMjspvhJY3Nz3ukh0Vsxgw
76BGsW577NSmJ40R+TUxnJEEyOKKrE/LtEmwkiuCWU5pAGJRT10QclQDXCQ5ivs5
a8HahBAVwwTLMSaRuAqxtTJp7A9kp1FT3GQTscLs/FUK2PUi58TZT3ONhbbMiypR
duMCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUcqlVCROmYR4dnwC6r5PZ
jWmGHSAwHwYDVR0jBBgwFoAU8mexXV9RXtpRienZ6WvKi6+lLmkwDQYJKoZIhvcN
AQEFBQADggEBAGgynMXqFQOjKlvgO+8CcnJeX1ezMh+oRpMzOHWSX0HjmZc68g19
K3GBMaf/FSjo8f7UwYMrCxobbLOBAeFMd1GLCS1/2lIs9Z44p1m4zNz1QtQ/fyKW
fkqJ8Mxud/DuedOCIHoMF+LIFHeBzb80J3Z8wutPk90Ko+4uufaK0n8L8GkPkAVu
1sojkW04aCgrxy2ZF8cqG6YbeOpoVssug9SYVB+ld82IWZy9oohwTvRo8A5wRZzA
79RI8BTMJLVHQAgHL994CwtQ9kmFQYxIEng6Z2fZggkPVKX+FHzUIWCiRSvql984
zPVazU1iWqHPUcuTNi7HF+x3iQbyyVVwlvM=
-----END CERTIFICATE-----

27
programs/ssl/test-ca/client2.key Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA5XvhlAbl3SAKDWpPnixD6nT4r5CrYH5FFyfZGx2QRJdCRWci
MtXrl05270WZP4ApxUWUfUPACwG9rJydz/8/6h4EHCpwlP9r0WNvzbBfHb/WRfLh
MhcYh7R5OVIBI1BdjRCJAsfoqGelFEEPGtclK5H4asZd47D+MHxHVpWT4ejkdOUf
vwAySY73HSkHaEyOym+Eljc3Pe6SHRWzGDDvoEaxbnvs1KYnjRH5NTGckQTI4oqs
T8u0SbCSK4JZTmkAYlFPXRByVANcJDmK+zlrwdqEEBXDBMsxJpG4CrG1MmnsD2Sn
UVPcZBOxwuz8VQrY9SLnxNlPc42FtsyLKlF24wIDAQABAoIBAENov1uPJyhsR+em
6dpJoG2XjJFtypmencbugpyvc3higioG4InUQs8AUnl4lUqM6Dg1dyfQpfHVwhSZ
MNYvYWPxCz4GzWlHGjG4ptfhzh7cAiIr9TCUjjUWs2E+EG2CJujQCZ8Sf+ov/9LS
RZCZ0CZbS4B54oyGqjQt3Xq2l2kNRODdKbaSK3zZWp9nMNyu0iUpmAtgh6FliARI
pPr7oUHNxnmkF5JHyLFaGBtr33FZnmh8q9/gGnqEujkd6ynNwERCDVBZiBolVoCm
sIoC5kBZjaY//I+0dZoBqDsSOGUupdICiy1dHeC8Nc0GIX79pVLNLabCeQbxxOBg
QTN25FECgYEA8vnRvr6Hq53otreRO5RWFRnpGC0QS+nZArLxuva33IK5srN8CBbD
qMyszUiG7URHtQudvG9uno2X8fZmvRxRp42NTo3xCUX6HQmbo7o2B1RvQnJ/k+NF
A9IjqWS0jzneKo7jpoRhKPVolubADGZh7E9IRF+I0ajyOatv6eOB0RkCgYEA8cjr
9Lg80TSiY4v1z0KzFVRmYsUj2OlkYqSF9XMTIQGO2mGn8ApDh/OzpnxCSK0RjLeR
WUu3/6pCxUjM4ddOi81hiX51gkx6TC0SZ5jXPUm+NZVfkln8uYmvXE/4qSMZVvnl
iJnhOV8wNfwhriHQv22+OkoDD1Ul5Cv0GZZim1sCgYEA8BDEm6HEilvKwj080ZEO
PGsNU0WzBE5Yi8Ih9IgvwT+oGlgcBCH5z53qXil6ppMABnEjuDqhISblKbw6Zj7E
rre9FhBIRtFM/cOwc2RYXYWfKBfY1VWHqu7FLWjCvYB/ca0cYDoLhVxzqiTzO00t
Ez6COIvrsrsqGLC6Mm0GpoECgYEA22QQTtdaQA69hwx5uF5yd1lFKjxuAaYNs8BL
2WNYqStrv1a7dwEpM9R7YAcCckWwVfo/hkJBrFiHC9K6LfcbS5nJ9mPsJpZUpoiD
WcODExa15JMszHSg8I4xs9bQ8FBr7tMEZwYSKufnrCSjPwlqDDl9UhDUY/ZEUp1b
elhOE18CgYEAprkUGSy8JHB/Y23U/DUEfHLvUy9W1HjOYXe/SOL+z3TQV3vg/FVr
VJJ+PIUoSaHkCm9Vm5J4uZaRf5NhajgLPKiIDxvR6oeeU7kC4Pi55voJ6spnCS0+
xp7hjCLiFeWNqNlF9y6YCmaEM+ULVfw5WerNeeZs36T6iVu5CIiVgsY=
-----END RSA PRIVATE KEY-----

BIN
programs/ssl/test-ca/client2.pfx Normal file
View File

Binary file not shown.

11
programs/ssl/test-ca/crl.pem Normal file
View File

@@ -0,0 +1,11 @@
-----BEGIN X509 CRL-----
MIIBmDCBgTANBgkqhkiG9w0BAQUFADAoMQ4wDAYDVQQKEwVYeVNTTDEWMBQGA1UE
AxMNWHlTU0wgVGVzdCBDQRcNMDcxMTI5MTk1MTA4WhcNMDgwMTI4MTk1MTA4WjAo
MBICAQEXDTA3MTEyOTE5NTA1N1owEgIBAxcNMDcxMTI5MTk1MTAxWjANBgkqhkiG
9w0BAQUFAAOCAQEATos7dzWxTxm51ZbI48LRseHgz/976mt/E1UZ5WoeoFMmW9qG
oGmRexrfgzABz1s0S+fjunSibH5lPN4WLTTQ5vY/wzbLFE/ysXMB82b7EVf0fdVC
9V1805XVOfSr5CBYTdTk1XQ8/ihKHi+TEJMGgXjC4V09qVrKVXO3dmD71MAr4Bcv
n9ZSWnXuAIELyGfZaHrPjQf9cGc1awsFfdBbkmFrEOuL3Q7oKLae2oENknSWcMhy
cJTkQuzNI2HwCzR2U1TA4YUrPuNTLaQ58FiI0hEFjTjtgreMirqn9LROJjKzb/xs
Afi6pbrGefpkTZEZsnbvXxCKcej1tRYjCfgoIQ==
-----END X509 CRL-----

4
programs/ssl/test-ca/index Normal file
View File

@@ -0,0 +1,4 @@
R 091128195030Z 071129195057Z 01 unknown /O=XySSL/CN=server1.test
V 091128195038Z 02 unknown /O=XySSL/CN=localhost
R 091128195042Z 071129195101Z 03 unknown /O=XySSL/CN=Test User 1
V 091128195048Z 04 unknown /O=XySSL/CN=Test User 2

1
programs/ssl/test-ca/index.attr Normal file
View File

@@ -0,0 +1 @@
unique_subject = no

76
programs/ssl/test-ca/newcerts/01.pem Normal file
View File

@@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=XySSL, CN=XySSL Test CA
Validity
Not Before: Nov 29 19:50:30 2007 GMT
Not After : Nov 28 19:50:30 2009 GMT
Subject: O=XySSL, CN=server1.test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:c6:ca:48:5e:2b:f2:79:4b:32:0c:38:01:e1:4c:
1c:d1:24:bb:ea:de:b8:2f:fb:7a:01:da:4b:3c:13:
0b:d1:12:c0:69:dc:f3:37:2b:fd:b7:a3:b7:49:f2:
57:c2:6d:f8:be:90:f6:7e:fa:80:37:89:17:b8:4c:
85:22:36:f4:36:51:9f:91:6b:48:01:9e:bb:e6:8e:
99:be:ab:45:01:c2:6f:f0:0f:ad:22:ba:83:06:38:
aa:b2:3c:e7:f4:aa:c9:32:30:32:db:1c:1a:96:87:
eb:2f:53:0d:97:2d:75:3c:bc:75:74:e5:04:51:67:
4e:4e:81:d0:00:4c:ff:47:e7:c3:ca:1f:5d:1c:65:
00:89:0b:d2:78:a5:d3:d2:8f:5c:f8:fe:e5:54:9d:
64:83:bc:12:dc:38:cc:b4:68:3e:2b:c6:b9:d0:ef:
b1:e8:bc:cf:5a:b5:b3:1f:47:0a:b1:0f:79:06:97:
73:3b:75:f0:6e:26:1d:36:88:4a:e9:64:b6:e6:58:
f8:92:12:a6:7c:08:cc:7b:69:47:6e:c6:65:ae:d8:
31:39:30:3d:ca:0a:4b:2c:c2:01:3e:e9:05:c6:6e:
1f:ce:38:21:22:f4:f5:00:1e:18:0e:d5:48:1a:6e:
d5:22:82:af:be:09:a7:47:03:0b:d3:4d:52:5e:34:
d1:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
F7:AB:E7:C0:58:5F:E0:01:C5:A4:26:83:44:CC:1E:7A:91:C9:44:65
X509v3 Authority Key Identifier:
keyid:F2:67:B1:5D:5F:51:5E:DA:51:89:E9:D9:E9:6B:CA:8B:AF:A5:2E:69
Signature Algorithm: sha1WithRSAEncryption
06:9b:8d:63:8c:bb:8a:2b:1a:87:ae:3a:27:34:bc:24:60:f0:
95:12:0e:f5:4c:e6:e4:1f:bd:e2:83:a3:d4:1e:dd:ed:8e:c1:
93:bc:e6:20:96:34:65:73:ac:bb:85:64:54:49:53:82:da:27:
8d:86:e5:a3:12:a5:b6:8e:c6:40:87:0b:1a:a4:02:fe:47:a9:
bf:36:39:b1:54:a7:63:1f:92:b2:1a:4f:9e:05:98:e6:f5:b1:
16:fb:47:bb:57:1f:31:35:8e:f8:36:d1:36:48:6a:25:c8:0e:
1c:3d:02:90:cd:cd:1e:68:d2:af:09:e2:69:51:ce:3a:11:67:
20:40:44:c9:9a:4d:9c:3c:af:07:22:dc:99:77:71:40:46:d7:
fe:3c:00:30:fc:67:50:89:73:aa:04:4c:ef:e2:44:c1:2e:88:
83:89:83:80:47:88:47:ca:1b:db:67:7e:e7:a8:0a:54:b8:72:
f4:96:3f:eb:c1:ba:21:c1:fe:07:eb:ce:4d:b0:80:d6:d9:cf:
2d:e9:8e:c2:2f:6f:cc:8b:a9:13:fd:48:50:5e:2f:86:cd:9e:
8b:ad:16:7f:69:ab:b7:7b:7f:c6:d8:49:f8:06:d0:8a:37:71:
75:d8:4f:3f:02:29:3e:9e:29:cc:f6:e7:c3:10:42:77:6c:34:
63:f3:be:57
-----BEGIN CERTIFICATE-----
MIIDFzCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAoMQ4wDAYDVQQKEwVYeVNT
TDEWMBQGA1UEAxMNWHlTU0wgVGVzdCBDQTAeFw0wNzExMjkxOTUwMzBaFw0wOTEx
MjgxOTUwMzBaMCcxDjAMBgNVBAoTBVh5U1NMMRUwEwYDVQQDEwxzZXJ2ZXIxLnRl
c3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGykheK/J5SzIMOAHh
TBzRJLvq3rgv+3oB2ks8EwvREsBp3PM3K/23o7dJ8lfCbfi+kPZ++oA3iRe4TIUi
NvQ2UZ+Ra0gBnrvmjpm+q0UBwm/wD60iuoMGOKqyPOf0qskyMDLbHBqWh+svUw2X
LXU8vHV05QRRZ05OgdAATP9H58PKH10cZQCJC9J4pdPSj1z4/uVUnWSDvBLcOMy0
aD4rxrnQ77HovM9atbMfRwqxD3kGl3M7dfBuJh02iErpZLbmWPiSEqZ8CMx7aUdu
xmWu2DE5MD3KCksswgE+6QXGbh/OOCEi9PUAHhgO1UgabtUigq++CadHAwvTTVJe
NNEVAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFPer58BYX+ABxaQmg0TM
HnqRyURlMB8GA1UdIwQYMBaAFPJnsV1fUV7aUYnp2elryouvpS5pMA0GCSqGSIb3
DQEBBQUAA4IBAQAGm41jjLuKKxqHrjonNLwkYPCVEg71TObkH73ig6PUHt3tjsGT
vOYgljRlc6y7hWRUSVOC2ieNhuWjEqW2jsZAhwsapAL+R6m/NjmxVKdjH5KyGk+e
BZjm9bEW+0e7Vx8xNY74NtE2SGolyA4cPQKQzc0eaNKvCeJpUc46EWcgQETJmk2c
PK8HItyZd3FARtf+PAAw/GdQiXOqBEzv4kTBLoiDiYOAR4hHyhvbZ37nqApUuHL0
lj/rwbohwf4H685NsIDW2c8t6Y7CL2/Mi6kT/UhQXi+GzZ6LrRZ/aau3e3/G2En4
BtCKN3F12E8/Aik+ninM9ufDEEJ3bDRj875X
-----END CERTIFICATE-----

76
programs/ssl/test-ca/newcerts/02.pem Normal file
View File

@@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=XySSL, CN=XySSL Test CA
Validity
Not Before: Nov 29 19:50:38 2007 GMT
Not After : Nov 28 19:50:38 2009 GMT
Subject: O=XySSL, CN=localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:cc:d4:56:38:49:e6:d6:7f:50:e7:d2:05:c8:99:
25:32:45:71:dd:1c:e1:72:3d:68:94:c0:68:e2:2e:
95:94:87:03:5b:fc:70:69:c4:b3:a0:94:e6:71:02:
18:b1:00:5b:bd:90:ee:08:d0:cd:33:d2:fb:5e:ca:
d6:c2:58:ed:f0:51:b7:54:ac:a4:99:22:8b:a3:07:
bb:d7:41:14:de:0a:5a:92:9d:2d:08:1c:5f:bf:9b:
dc:02:bb:c2:ca:06:b8:f2:8d:04:67:52:ca:9c:3a:
15:a3:ba:30:2f:51:07:4d:8c:69:5c:8c:9f:41:56:
03:ca:b4:88:b8:ce:0f:f0:28:67:19:dd:4c:96:64:
8d:1c:07:b2:c6:cb:58:bf:d9:2b:42:39:ed:28:80:
30:61:23:0e:95:d7:27:11:6f:7e:bc:bc:7b:73:01:
c3:9a:56:fb:e6:ae:88:a8:96:5a:0f:bb:a5:b1:9d:
d5:4a:74:00:26:68:08:3d:67:92:49:58:ab:e2:6a:
00:45:83:3b:e1:e3:e6:c7:2c:c0:40:b9:ca:68:0b:
a4:8f:ba:6d:53:af:6f:7a:57:84:4f:d8:b0:ae:0c:
ce:23:1b:25:32:13:b6:3a:97:74:ca:af:2c:96:76:
34:b2:24:6e:39:45:13:ec:be:16:db:b8:41:71:06:
00:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
B1:B0:EA:31:9D:5C:4F:00:7F:CD:0D:1F:78:A9:18:5D:96:DE:AA:B1
X509v3 Authority Key Identifier:
keyid:F2:67:B1:5D:5F:51:5E:DA:51:89:E9:D9:E9:6B:CA:8B:AF:A5:2E:69
Signature Algorithm: sha1WithRSAEncryption
2b:9f:5d:f7:8c:42:89:45:d9:19:6f:d1:87:71:c7:74:ec:13:
c1:c3:7d:51:b5:6d:c3:f8:f4:cc:8a:d5:3b:ee:59:0e:0b:b8:
bf:7f:a3:4a:69:cb:ea:54:fc:58:98:34:05:0a:62:aa:73:61:
f2:15:8c:20:93:61:0b:9f:fd:64:d1:7d:87:b3:e5:43:1b:71:
36:b4:4c:b1:19:38:04:35:e7:f6:52:e5:3c:d0:a5:2d:55:99:
9e:5b:df:d5:60:6c:59:ac:e4:f7:4e:f7:55:ce:da:1c:9c:5e:
35:a8:d5:41:47:09:e0:df:7d:75:7e:8e:41:2c:93:34:bf:d2:
5e:5b:15:15:05:02:4d:24:1e:c4:5b:03:52:ab:0a:ac:6d:72:
00:3c:de:f9:0f:84:73:dc:b2:e6:52:6c:82:af:26:97:5a:58:
50:89:a3:c7:d9:5d:a5:8a:3c:e0:e8:3e:63:eb:4f:ff:fd:45:
b2:ec:a1:fb:45:03:0f:37:d0:a1:8d:42:bf:23:91:66:2e:09:
61:18:3e:5b:e7:b7:e4:6e:e0:2d:88:0d:c2:2a:e6:19:fa:35:
05:0d:8b:a4:f3:fb:05:54:98:87:66:5a:a2:f3:56:b5:39:7c:
1c:28:50:06:4a:3c:60:5a:e8:ec:19:4e:7e:cd:b1:56:5e:a3:
4d:f8:6c:72
-----BEGIN CERTIFICATE-----
MIIDFDCCAfygAwIBAgIBAjANBgkqhkiG9w0BAQUFADAoMQ4wDAYDVQQKEwVYeVNT
TDEWMBQGA1UEAxMNWHlTU0wgVGVzdCBDQTAeFw0wNzExMjkxOTUwMzhaFw0wOTEx
MjgxOTUwMzhaMCQxDjAMBgNVBAoTBVh5U1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM1FY4SebWf1Dn0gXImSUy
RXHdHOFyPWiUwGjiLpWUhwNb/HBpxLOglOZxAhixAFu9kO4I0M0z0vteytbCWO3w
UbdUrKSZIoujB7vXQRTeClqSnS0IHF+/m9wCu8LKBrjyjQRnUsqcOhWjujAvUQdN
jGlcjJ9BVgPKtIi4zg/wKGcZ3UyWZI0cB7LGy1i/2StCOe0ogDBhIw6V1ycRb368
vHtzAcOaVvvmroiolloPu6WxndVKdAAmaAg9Z5JJWKviagBFgzvh4+bHLMBAucpo
C6SPum1Tr296V4RP2LCuDM4jGyUyE7Y6l3TKryyWdjSyJG45RRPsvhbbuEFxBgDt
AgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLGw6jGdXE8Af80NH3ipGF2W
3qqxMB8GA1UdIwQYMBaAFPJnsV1fUV7aUYnp2elryouvpS5pMA0GCSqGSIb3DQEB
BQUAA4IBAQArn133jEKJRdkZb9GHccd07BPBw31RtW3D+PTMitU77lkOC7i/f6NK
acvqVPxYmDQFCmKqc2HyFYwgk2ELn/1k0X2Hs+VDG3E2tEyxGTgENef2UuU80KUt
VZmeW9/VYGxZrOT3TvdVztocnF41qNVBRwng3311fo5BLJM0v9JeWxUVBQJNJB7E
WwNSqwqsbXIAPN75D4Rz3LLmUmyCryaXWlhQiaPH2V2lijzg6D5j60///UWy7KH7
RQMPN9ChjUK/I5FmLglhGD5b57fkbuAtiA3CKuYZ+jUFDYuk8/sFVJiHZlqi81a1
OXwcKFAGSjxgWujsGU5+zbFWXqNN+Gxy
-----END CERTIFICATE-----

76
programs/ssl/test-ca/newcerts/03.pem Normal file
View File

@@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=XySSL, CN=XySSL Test CA
Validity
Not Before: Nov 29 19:50:42 2007 GMT
Not After : Nov 28 19:50:42 2009 GMT
Subject: O=XySSL, CN=Test User 1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:a7:2b:e9:c3:d5:68:7c:e7:4b:23:20:31:c8:0e:
be:9f:c8:e6:b6:a7:09:c5:59:67:ab:6d:e9:f3:7e:
b2:e7:3b:1c:99:28:33:e0:b8:e9:8b:ee:45:a3:de:
91:f8:03:59:34:f1:b6:e0:b3:62:33:45:87:64:8e:
59:d3:34:4f:f9:fb:3c:64:53:a2:f2:53:20:97:a3:
2b:fe:6d:c4:f3:38:83:02:92:c8:cb:8f:9e:d9:d3:
5e:87:36:ec:17:b3:50:5b:68:b7:03:04:e2:90:2f:
d4:0e:48:40:b1:ad:11:28:de:8a:a9:4c:df:20:05:
47:8a:ef:ba:24:09:fa:ec:f6:d4:f1:0f:a1:31:b7:
f0:54:d5:d5:23:19:1e:41:6d:b7:96:17:81:ff:b3:
1e:83:92:76:4b:7c:ce:b1:8f:18:b0:69:20:60:f9:
41:8b:04:ae:89:84:a8:20:48:ae:f3:1f:50:ec:1c:
61:97:bd:81:50:54:61:5d:23:c3:c2:84:ed:19:1b:
ee:0f:22:38:28:de:51:04:41:6d:e1:82:43:76:e7:
7b:40:fd:84:ea:9e:e8:d8:da:c2:72:c4:31:c6:b0:
ca:ce:ac:7b:5c:fa:43:15:5f:41:1c:21:be:dc:96:
95:d6:77:16:ef:1d:51:8d:10:65:aa:f5:9e:f8:47:
6a:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
F2:C4:96:02:CF:BF:C1:AA:B0:D2:1A:DA:E7:F3:4B:2C:5D:D1:DF:14
X509v3 Authority Key Identifier:
keyid:F2:67:B1:5D:5F:51:5E:DA:51:89:E9:D9:E9:6B:CA:8B:AF:A5:2E:69
Signature Algorithm: sha1WithRSAEncryption
ca:29:3f:44:90:8d:9c:c6:0d:f9:e2:a9:50:d8:e5:d6:0a:e0:
be:6e:48:fb:e8:7a:f4:5f:50:dc:6b:d1:76:a5:f9:88:91:96:
62:e5:66:89:da:eb:17:01:f7:d0:d2:f7:3b:35:78:dd:80:45:
d0:64:32:13:67:20:a8:fc:d8:62:e1:44:d4:ae:41:37:2e:e7:
63:94:37:66:61:3b:38:e9:7d:8a:b6:18:d4:b7:2c:59:ea:46:
a0:ed:ab:84:79:04:be:da:0f:9e:2d:68:34:a0:06:63:fa:33:
61:bc:8a:00:07:62:c3:81:11:0d:28:d9:80:8f:51:a2:db:be:
23:16:a4:37:65:18:72:34:17:c2:a9:63:e3:5f:f4:0e:7c:58:
5e:e4:a5:44:8f:6b:23:ba:18:4e:e3:0c:25:2a:86:ee:5d:c2:
a2:e7:92:8d:a8:84:77:ef:b5:9c:af:2c:53:5d:4c:1b:eb:96:
a4:56:27:f5:bf:cb:82:91:51:6e:8a:f4:49:6a:84:39:44:a3:
23:7e:d0:83:ce:2b:4a:5f:18:1b:d1:1f:74:14:6f:91:da:1a:
ee:95:1d:ee:c7:9e:77:a2:df:1c:22:72:c2:08:bc:98:60:a0:
d6:5f:eb:d8:e8:ad:b3:f5:05:c4:1a:9b:a9:8d:29:83:7e:26:
62:fa:e3:79
-----BEGIN CERTIFICATE-----
MIIDFjCCAf6gAwIBAgIBAzANBgkqhkiG9w0BAQUFADAoMQ4wDAYDVQQKEwVYeVNT
TDEWMBQGA1UEAxMNWHlTU0wgVGVzdCBDQTAeFw0wNzExMjkxOTUwNDJaFw0wOTEx
MjgxOTUwNDJaMCYxDjAMBgNVBAoTBVh5U1NMMRQwEgYDVQQDEwtUZXN0IFVzZXIg
MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcr6cPVaHznSyMgMcgO
vp/I5ranCcVZZ6tt6fN+suc7HJkoM+C46YvuRaPekfgDWTTxtuCzYjNFh2SOWdM0
T/n7PGRTovJTIJejK/5txPM4gwKSyMuPntnTXoc27BezUFtotwME4pAv1A5IQLGt
ESjeiqlM3yAFR4rvuiQJ+uz21PEPoTG38FTV1SMZHkFtt5YXgf+zHoOSdkt8zrGP
GLBpIGD5QYsEromEqCBIrvMfUOwcYZe9gVBUYV0jw8KE7Rkb7g8iOCjeUQRBbeGC
Q3bne0D9hOqe6NjawnLEMcawys6se1z6QxVfQRwhvtyWldZ3Fu8dUY0QZar1nvhH
akECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU8sSWAs+/waqw0hra5/NL
LF3R3xQwHwYDVR0jBBgwFoAU8mexXV9RXtpRienZ6WvKi6+lLmkwDQYJKoZIhvcN
AQEFBQADggEBAMopP0SQjZzGDfniqVDY5dYK4L5uSPvoevRfUNxr0Xal+YiRlmLl
Zona6xcB99DS9zs1eN2ARdBkMhNnIKj82GLhRNSuQTcu52OUN2ZhOzjpfYq2GNS3
LFnqRqDtq4R5BL7aD54taDSgBmP6M2G8igAHYsOBEQ0o2YCPUaLbviMWpDdlGHI0
F8KpY+Nf9A58WF7kpUSPayO6GE7jDCUqhu5dwqLnko2ohHfvtZyvLFNdTBvrlqRW
J/W/y4KRUW6K9ElqhDlEoyN+0IPOK0pfGBvRH3QUb5HaGu6VHe7Hnnei3xwicsII
vJhgoNZf69jorbP1BcQam6mNKYN+JmL643k=
-----END CERTIFICATE-----

76
programs/ssl/test-ca/newcerts/04.pem Normal file
View File

@@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=XySSL, CN=XySSL Test CA
Validity
Not Before: Nov 29 19:50:48 2007 GMT
Not After : Nov 28 19:50:48 2009 GMT
Subject: O=XySSL, CN=Test User 2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:e5:7b:e1:94:06:e5:dd:20:0a:0d:6a:4f:9e:2c:
43:ea:74:f8:af:90:ab:60:7e:45:17:27:d9:1b:1d:
90:44:97:42:45:67:22:32:d5:eb:97:4e:76:ef:45:
99:3f:80:29:c5:45:94:7d:43:c0:0b:01:bd:ac:9c:
9d:cf:ff:3f:ea:1e:04:1c:2a:70:94:ff:6b:d1:63:
6f:cd:b0:5f:1d:bf:d6:45:f2:e1:32:17:18:87:b4:
79:39:52:01:23:50:5d:8d:10:89:02:c7:e8:a8:67:
a5:14:41:0f:1a:d7:25:2b:91:f8:6a:c6:5d:e3:b0:
fe:30:7c:47:56:95:93:e1:e8:e4:74:e5:1f:bf:00:
32:49:8e:f7:1d:29:07:68:4c:8e:ca:6f:84:96:37:
37:3d:ee:92:1d:15:b3:18:30:ef:a0:46:b1:6e:7b:
ec:d4:a6:27:8d:11:f9:35:31:9c:91:04:c8:e2:8a:
ac:4f:cb:b4:49:b0:92:2b:82:59:4e:69:00:62:51:
4f:5d:10:72:54:03:5c:24:39:8a:fb:39:6b:c1:da:
84:10:15:c3:04:cb:31:26:91:b8:0a:b1:b5:32:69:
ec:0f:64:a7:51:53:dc:64:13:b1:c2:ec:fc:55:0a:
d8:f5:22:e7:c4:d9:4f:73:8d:85:b6:cc:8b:2a:51:
76:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
72:A9:55:09:13:A6:61:1E:1D:9F:00:BA:AF:93:D9:8D:69:86:1D:20
X509v3 Authority Key Identifier:
keyid:F2:67:B1:5D:5F:51:5E:DA:51:89:E9:D9:E9:6B:CA:8B:AF:A5:2E:69
Signature Algorithm: sha1WithRSAEncryption
68:32:9c:c5:ea:15:03:a3:2a:5b:e0:3b:ef:02:72:72:5e:5f:
57:b3:32:1f:a8:46:93:33:38:75:92:5f:41:e3:99:97:3a:f2:
0d:7d:2b:71:81:31:a7:ff:15:28:e8:f1:fe:d4:c1:83:2b:0b:
1a:1b:6c:b3:81:01:e1:4c:77:51:8b:09:2d:7f:da:52:2c:f5:
9e:38:a7:59:b8:cc:dc:f5:42:d4:3f:7f:22:96:7e:4a:89:f0:
cc:6e:77:f0:ee:79:d3:82:20:7a:0c:17:e2:c8:14:77:81:cd:
bf:34:27:76:7c:c2:eb:4f:93:dd:0a:a3:ee:2e:b9:f6:8a:d2:
7f:0b:f0:69:0f:90:05:6e:d6:ca:23:91:6d:38:68:28:2b:c7:
2d:99:17:c7:2a:1b:a6:1b:78:ea:68:56:cb:2e:83:d4:98:54:
1f:a5:77:cd:88:59:9c:bd:a2:88:70:4e:f4:68:f0:0e:70:45:
9c:c0:ef:d4:48:f0:14:cc:24:b5:47:40:08:07:2f:df:78:0b:
0b:50:f6:49:85:41:8c:48:12:78:3a:67:67:d9:82:09:0f:54:
a5:fe:14:7c:d4:21:60:a2:45:2b:ea:97:df:38:cc:f5:5a:cd:
4d:62:5a:a1:cf:51:cb:93:36:2e:c7:17:ec:77:89:06:f2:c9:
55:70:96:f3
-----BEGIN CERTIFICATE-----
MIIDFjCCAf6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADAoMQ4wDAYDVQQKEwVYeVNT
TDEWMBQGA1UEAxMNWHlTU0wgVGVzdCBDQTAeFw0wNzExMjkxOTUwNDhaFw0wOTEx
MjgxOTUwNDhaMCYxDjAMBgNVBAoTBVh5U1NMMRQwEgYDVQQDEwtUZXN0IFVzZXIg
MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOV74ZQG5d0gCg1qT54s
Q+p0+K+Qq2B+RRcn2RsdkESXQkVnIjLV65dOdu9FmT+AKcVFlH1DwAsBvaycnc//
P+oeBBwqcJT/a9Fjb82wXx2/1kXy4TIXGIe0eTlSASNQXY0QiQLH6KhnpRRBDxrX
JSuR+GrGXeOw/jB8R1aVk+Ho5HTlH78AMkmO9x0pB2hMjspvhJY3Nz3ukh0Vsxgw
76BGsW577NSmJ40R+TUxnJEEyOKKrE/LtEmwkiuCWU5pAGJRT10QclQDXCQ5ivs5
a8HahBAVwwTLMSaRuAqxtTJp7A9kp1FT3GQTscLs/FUK2PUi58TZT3ONhbbMiypR
duMCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUcqlVCROmYR4dnwC6r5PZ
jWmGHSAwHwYDVR0jBBgwFoAU8mexXV9RXtpRienZ6WvKi6+lLmkwDQYJKoZIhvcN
AQEFBQADggEBAGgynMXqFQOjKlvgO+8CcnJeX1ezMh+oRpMzOHWSX0HjmZc68g19
K3GBMaf/FSjo8f7UwYMrCxobbLOBAeFMd1GLCS1/2lIs9Z44p1m4zNz1QtQ/fyKW
fkqJ8Mxud/DuedOCIHoMF+LIFHeBzb80J3Z8wutPk90Ko+4uufaK0n8L8GkPkAVu
1sojkW04aCgrxy2ZF8cqG6YbeOpoVssug9SYVB+ld82IWZy9oohwTvRo8A5wRZzA
79RI8BTMJLVHQAgHL994CwtQ9kmFQYxIEng6Z2fZggkPVKX+FHzUIWCiRSvql984
zPVazU1iWqHPUcuTNi7HF+x3iQbyyVVwlvM=
-----END CERTIFICATE-----

1
programs/ssl/test-ca/serial Normal file
View File

@@ -0,0 +1 @@
05

76
programs/ssl/test-ca/server1.crt Normal file
View File

@@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=XySSL, CN=XySSL Test CA
Validity
Not Before: Nov 29 19:50:30 2007 GMT
Not After : Nov 28 19:50:30 2009 GMT
Subject: O=XySSL, CN=server1.test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:c6:ca:48:5e:2b:f2:79:4b:32:0c:38:01:e1:4c:
1c:d1:24:bb:ea:de:b8:2f:fb:7a:01:da:4b:3c:13:
0b:d1:12:c0:69:dc:f3:37:2b:fd:b7:a3:b7:49:f2:
57:c2:6d:f8:be:90:f6:7e:fa:80:37:89:17:b8:4c:
85:22:36:f4:36:51:9f:91:6b:48:01:9e:bb:e6:8e:
99:be:ab:45:01:c2:6f:f0:0f:ad:22:ba:83:06:38:
aa:b2:3c:e7:f4:aa:c9:32:30:32:db:1c:1a:96:87:
eb:2f:53:0d:97:2d:75:3c:bc:75:74:e5:04:51:67:
4e:4e:81:d0:00:4c:ff:47:e7:c3:ca:1f:5d:1c:65:
00:89:0b:d2:78:a5:d3:d2:8f:5c:f8:fe:e5:54:9d:
64:83:bc:12:dc:38:cc:b4:68:3e:2b:c6:b9:d0:ef:
b1:e8:bc:cf:5a:b5:b3:1f:47:0a:b1:0f:79:06:97:
73:3b:75:f0:6e:26:1d:36:88:4a:e9:64:b6:e6:58:
f8:92:12:a6:7c:08:cc:7b:69:47:6e:c6:65:ae:d8:
31:39:30:3d:ca:0a:4b:2c:c2:01:3e:e9:05:c6:6e:
1f:ce:38:21:22:f4:f5:00:1e:18:0e:d5:48:1a:6e:
d5:22:82:af:be:09:a7:47:03:0b:d3:4d:52:5e:34:
d1:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
F7:AB:E7:C0:58:5F:E0:01:C5:A4:26:83:44:CC:1E:7A:91:C9:44:65
X509v3 Authority Key Identifier:
keyid:F2:67:B1:5D:5F:51:5E:DA:51:89:E9:D9:E9:6B:CA:8B:AF:A5:2E:69
Signature Algorithm: sha1WithRSAEncryption
06:9b:8d:63:8c:bb:8a:2b:1a:87:ae:3a:27:34:bc:24:60:f0:
95:12:0e:f5:4c:e6:e4:1f:bd:e2:83:a3:d4:1e:dd:ed:8e:c1:
93:bc:e6:20:96:34:65:73:ac:bb:85:64:54:49:53:82:da:27:
8d:86:e5:a3:12:a5:b6:8e:c6:40:87:0b:1a:a4:02:fe:47:a9:
bf:36:39:b1:54:a7:63:1f:92:b2:1a:4f:9e:05:98:e6:f5:b1:
16:fb:47:bb:57:1f:31:35:8e:f8:36:d1:36:48:6a:25:c8:0e:
1c:3d:02:90:cd:cd:1e:68:d2:af:09:e2:69:51:ce:3a:11:67:
20:40:44:c9:9a:4d:9c:3c:af:07:22:dc:99:77:71:40:46:d7:
fe:3c:00:30:fc:67:50:89:73:aa:04:4c:ef:e2:44:c1:2e:88:
83:89:83:80:47:88:47:ca:1b:db:67:7e:e7:a8:0a:54:b8:72:
f4:96:3f:eb:c1:ba:21:c1:fe:07:eb:ce:4d:b0:80:d6:d9:cf:
2d:e9:8e:c2:2f:6f:cc:8b:a9:13:fd:48:50:5e:2f:86:cd:9e:
8b:ad:16:7f:69:ab:b7:7b:7f:c6:d8:49:f8:06:d0:8a:37:71:
75:d8:4f:3f:02:29:3e:9e:29:cc:f6:e7:c3:10:42:77:6c:34:
63:f3:be:57
-----BEGIN CERTIFICATE-----
MIIDFzCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAoMQ4wDAYDVQQKEwVYeVNT
TDEWMBQGA1UEAxMNWHlTU0wgVGVzdCBDQTAeFw0wNzExMjkxOTUwMzBaFw0wOTEx
MjgxOTUwMzBaMCcxDjAMBgNVBAoTBVh5U1NMMRUwEwYDVQQDEwxzZXJ2ZXIxLnRl
c3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGykheK/J5SzIMOAHh
TBzRJLvq3rgv+3oB2ks8EwvREsBp3PM3K/23o7dJ8lfCbfi+kPZ++oA3iRe4TIUi
NvQ2UZ+Ra0gBnrvmjpm+q0UBwm/wD60iuoMGOKqyPOf0qskyMDLbHBqWh+svUw2X
LXU8vHV05QRRZ05OgdAATP9H58PKH10cZQCJC9J4pdPSj1z4/uVUnWSDvBLcOMy0
aD4rxrnQ77HovM9atbMfRwqxD3kGl3M7dfBuJh02iErpZLbmWPiSEqZ8CMx7aUdu
xmWu2DE5MD3KCksswgE+6QXGbh/OOCEi9PUAHhgO1UgabtUigq++CadHAwvTTVJe
NNEVAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFPer58BYX+ABxaQmg0TM
HnqRyURlMB8GA1UdIwQYMBaAFPJnsV1fUV7aUYnp2elryouvpS5pMA0GCSqGSIb3
DQEBBQUAA4IBAQAGm41jjLuKKxqHrjonNLwkYPCVEg71TObkH73ig6PUHt3tjsGT
vOYgljRlc6y7hWRUSVOC2ieNhuWjEqW2jsZAhwsapAL+R6m/NjmxVKdjH5KyGk+e
BZjm9bEW+0e7Vx8xNY74NtE2SGolyA4cPQKQzc0eaNKvCeJpUc46EWcgQETJmk2c
PK8HItyZd3FARtf+PAAw/GdQiXOqBEzv4kTBLoiDiYOAR4hHyhvbZ37nqApUuHL0
lj/rwbohwf4H685NsIDW2c8t6Y7CL2/Mi6kT/UhQXi+GzZ6LrRZ/aau3e3/G2En4
BtCKN3F12E8/Aik+ninM9ufDEEJ3bDRj875X
-----END CERTIFICATE-----

27
programs/ssl/test-ca/server1.key Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAxspIXivyeUsyDDgB4Uwc0SS76t64L/t6AdpLPBML0RLAadzz
Nyv9t6O3SfJXwm34vpD2fvqAN4kXuEyFIjb0NlGfkWtIAZ675o6ZvqtFAcJv8A+t
IrqDBjiqsjzn9KrJMjAy2xwalofrL1MNly11PLx1dOUEUWdOToHQAEz/R+fDyh9d
HGUAiQvSeKXT0o9c+P7lVJ1kg7wS3DjMtGg+K8a50O+x6LzPWrWzH0cKsQ95Bpdz
O3XwbiYdNohK6WS25lj4khKmfAjMe2lHbsZlrtgxOTA9ygpLLMIBPukFxm4fzjgh
IvT1AB4YDtVIGm7VIoKvvgmnRwML001SXjTRFQIDAQABAoIBAHw0n4rXgqTuqtKf
m+0dFVRH03IovoScZ9sIfcGHVPbI9JgwiXaLcfdvv3HgjZzaAXVwNdOYyMvqSHvK
s9Rw6Z2W2lCN62u3tkeUCdPsRy2WQ0KHSPJN/tfASEcdbwCcRSGqo9vrb2FmgzgK
eI9gw8OzLOBgx5XlKjQ7P68wbMCLoQ4z7UZQkqWRhBrO6r2yR6/+y91OgrFixp/D
rpsWvvW4+EmPihYceA8CTqqZSz7DKcNvNyPqCFRav+856m/9oBxKOkuuvoR3811c
GSn+c8Np/bbKQxZ6YA94QujoKMXO8i8ZEnRfMKa/NbBMpa1jSRTd/5uA6/CI+bUB
io1nLgECgYEA4eVuezN7SvMN8ihB61Hg6fGwa2YiTPkCp7WWeRHB8f+2iq0hFCAn
yu9YsyafVMVPwoebEMCkqaIrlrKdL0w3xUjDNwhgSyAQyXUnSQFwa3IkhLWNkj5P
pQCAeZy9PEGwolPQKBNVaU+J7p7ipOv9VAyBmyqUq4XXwpYcdyH6NbUCgYEA4Ugd
Kt3/iOJpv1PMIQpXI926lXbH6hquqlQbpb35YlNgC4N8eC/r4Q/yW7FI0kD72ipO
EUlSFne8FJHPluNe6GahF9np6M48ogmv6QhiOFf5T+6kVXdJ+akqYhcWC5m/hArT
/q27+PwTpYBwIwf54PaM/k9iOz0zH9bqY3TvSeECgYEAmChicroKokF1c1eKj2dn
iC00GCODlzVjhHPcF1DOwqLr4h0b2uKN6zOtG384c3E0eGO/H1mjkF+b3LYTCnjc
WBba54bM1c2TgR9YhuRhRP5teraP1aIDI7Fi2IerL5tPzweFfnkHXxgkYIbFQzFy
QdrqsgnMenx9CKT0J4rLbsECgYA5a2gDxRGckhjh6zncMgaD3b/w2JWb1bEvOMDT
PdiSdy3DwX+4In68npPnSwiEjouiz6WWQlnp4BrQI1oF224VThNBQQmdjPNnWZC8
lKZ0NfgVp327SuxP9g4XckrsKgPmY9wkzaNbkuRvCo2KYD4QWMcXCqS+9JpTQzP6
pZNYAQKBgQC5mvSC9zxQYX9Ia9PDL4q6AjdG0XweZuYHk2/bQ1LQjM7qI1mescol
CXbNXUxhw2XAXkw8BFAfPJ3npIL7FX0htEiYx7KqpCYN7IXSpQ6xexZn6nEm+mBz
VMWO8Roj95S3tyZOTzbmuUNbQsfLZlQ2hUeUBvJ5UH+LBFivjxy0pw==
-----END RSA PRIVATE KEY-----

76
programs/ssl/test-ca/server2.crt Normal file
View File

@@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=XySSL, CN=XySSL Test CA
Validity
Not Before: Nov 29 19:50:38 2007 GMT
Not After : Nov 28 19:50:38 2009 GMT
Subject: O=XySSL, CN=localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:cc:d4:56:38:49:e6:d6:7f:50:e7:d2:05:c8:99:
25:32:45:71:dd:1c:e1:72:3d:68:94:c0:68:e2:2e:
95:94:87:03:5b:fc:70:69:c4:b3:a0:94:e6:71:02:
18:b1:00:5b:bd:90:ee:08:d0:cd:33:d2:fb:5e:ca:
d6:c2:58:ed:f0:51:b7:54:ac:a4:99:22:8b:a3:07:
bb:d7:41:14:de:0a:5a:92:9d:2d:08:1c:5f:bf:9b:
dc:02:bb:c2:ca:06:b8:f2:8d:04:67:52:ca:9c:3a:
15:a3:ba:30:2f:51:07:4d:8c:69:5c:8c:9f:41:56:
03:ca:b4:88:b8:ce:0f:f0:28:67:19:dd:4c:96:64:
8d:1c:07:b2:c6:cb:58:bf:d9:2b:42:39:ed:28:80:
30:61:23:0e:95:d7:27:11:6f:7e:bc:bc:7b:73:01:
c3:9a:56:fb:e6:ae:88:a8:96:5a:0f:bb:a5:b1:9d:
d5:4a:74:00:26:68:08:3d:67:92:49:58:ab:e2:6a:
00:45:83:3b:e1:e3:e6:c7:2c:c0:40:b9:ca:68:0b:
a4:8f:ba:6d:53:af:6f:7a:57:84:4f:d8:b0:ae:0c:
ce:23:1b:25:32:13:b6:3a:97:74:ca:af:2c:96:76:
34:b2:24:6e:39:45:13:ec:be:16:db:b8:41:71:06:
00:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
B1:B0:EA:31:9D:5C:4F:00:7F:CD:0D:1F:78:A9:18:5D:96:DE:AA:B1
X509v3 Authority Key Identifier:
keyid:F2:67:B1:5D:5F:51:5E:DA:51:89:E9:D9:E9:6B:CA:8B:AF:A5:2E:69
Signature Algorithm: sha1WithRSAEncryption
2b:9f:5d:f7:8c:42:89:45:d9:19:6f:d1:87:71:c7:74:ec:13:
c1:c3:7d:51:b5:6d:c3:f8:f4:cc:8a:d5:3b:ee:59:0e:0b:b8:
bf:7f:a3:4a:69:cb:ea:54:fc:58:98:34:05:0a:62:aa:73:61:
f2:15:8c:20:93:61:0b:9f:fd:64:d1:7d:87:b3:e5:43:1b:71:
36:b4:4c:b1:19:38:04:35:e7:f6:52:e5:3c:d0:a5:2d:55:99:
9e:5b:df:d5:60:6c:59:ac:e4:f7:4e:f7:55:ce:da:1c:9c:5e:
35:a8:d5:41:47:09:e0:df:7d:75:7e:8e:41:2c:93:34:bf:d2:
5e:5b:15:15:05:02:4d:24:1e:c4:5b:03:52:ab:0a:ac:6d:72:
00:3c:de:f9:0f:84:73:dc:b2:e6:52:6c:82:af:26:97:5a:58:
50:89:a3:c7:d9:5d:a5:8a:3c:e0:e8:3e:63:eb:4f:ff:fd:45:
b2:ec:a1:fb:45:03:0f:37:d0:a1:8d:42:bf:23:91:66:2e:09:
61:18:3e:5b:e7:b7:e4:6e:e0:2d:88:0d:c2:2a:e6:19:fa:35:
05:0d:8b:a4:f3:fb:05:54:98:87:66:5a:a2:f3:56:b5:39:7c:
1c:28:50:06:4a:3c:60:5a:e8:ec:19:4e:7e:cd:b1:56:5e:a3:
4d:f8:6c:72
-----BEGIN CERTIFICATE-----
MIIDFDCCAfygAwIBAgIBAjANBgkqhkiG9w0BAQUFADAoMQ4wDAYDVQQKEwVYeVNT
TDEWMBQGA1UEAxMNWHlTU0wgVGVzdCBDQTAeFw0wNzExMjkxOTUwMzhaFw0wOTEx
MjgxOTUwMzhaMCQxDjAMBgNVBAoTBVh5U1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM1FY4SebWf1Dn0gXImSUy
RXHdHOFyPWiUwGjiLpWUhwNb/HBpxLOglOZxAhixAFu9kO4I0M0z0vteytbCWO3w
UbdUrKSZIoujB7vXQRTeClqSnS0IHF+/m9wCu8LKBrjyjQRnUsqcOhWjujAvUQdN
jGlcjJ9BVgPKtIi4zg/wKGcZ3UyWZI0cB7LGy1i/2StCOe0ogDBhIw6V1ycRb368
vHtzAcOaVvvmroiolloPu6WxndVKdAAmaAg9Z5JJWKviagBFgzvh4+bHLMBAucpo
C6SPum1Tr296V4RP2LCuDM4jGyUyE7Y6l3TKryyWdjSyJG45RRPsvhbbuEFxBgDt
AgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLGw6jGdXE8Af80NH3ipGF2W
3qqxMB8GA1UdIwQYMBaAFPJnsV1fUV7aUYnp2elryouvpS5pMA0GCSqGSIb3DQEB
BQUAA4IBAQArn133jEKJRdkZb9GHccd07BPBw31RtW3D+PTMitU77lkOC7i/f6NK
acvqVPxYmDQFCmKqc2HyFYwgk2ELn/1k0X2Hs+VDG3E2tEyxGTgENef2UuU80KUt
VZmeW9/VYGxZrOT3TvdVztocnF41qNVBRwng3311fo5BLJM0v9JeWxUVBQJNJB7E
WwNSqwqsbXIAPN75D4Rz3LLmUmyCryaXWlhQiaPH2V2lijzg6D5j60///UWy7KH7
RQMPN9ChjUK/I5FmLglhGD5b57fkbuAtiA3CKuYZ+jUFDYuk8/sFVJiHZlqi81a1
OXwcKFAGSjxgWujsGU5+zbFWXqNN+Gxy
-----END CERTIFICATE-----

27
programs/ssl/test-ca/server2.key Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAzNRWOEnm1n9Q59IFyJklMkVx3Rzhcj1olMBo4i6VlIcDW/xw
acSzoJTmcQIYsQBbvZDuCNDNM9L7XsrWwljt8FG3VKykmSKLowe710EU3gpakp0t
CBxfv5vcArvCyga48o0EZ1LKnDoVo7owL1EHTYxpXIyfQVYDyrSIuM4P8ChnGd1M
lmSNHAeyxstYv9krQjntKIAwYSMOldcnEW9+vLx7cwHDmlb75q6IqJZaD7ulsZ3V
SnQAJmgIPWeSSVir4moARYM74ePmxyzAQLnKaAukj7ptU69veleET9iwrgzOIxsl
MhO2Opd0yq8slnY0siRuOUUT7L4W27hBcQYA7QIDAQABAoIBAFSSyBbtzLZ8Uzek
7GZrdYRQUDdwGVZGLMxete/ONEzjgmuUzAWgBlsjoBLBPti2wSqAkQhqzo+7abc2
IX6VoYk89Gmt7zibnvRt2Q2D/c3AkK1A4LscnBxNioZGaKNqKytbNppDAQ2Ini7A
Tez7k/xdIZPpLEiZ727fJCTKUKJkDhY0WlxFT4btMLJNZ4SyW6HGO+hKFzxdAtur
QoNQcWfy2FBICPeI4ZopVyMUaR3skIUJQWDAi2dqSkSevoD67o4/fF4nDxs7DZWV
ZQV6/WQ3IZHgTFc15g5qI1693ttmggytXXY2Kp41qOzGFNyrAgfj5IZef8SME2cJ
bp/6QIECgYEA/0TWDUd6u7Z1vRRPqzXQtmGfsLry+0nYd1Q0/IvPwsVDtLxaXGcl
rkhqVgxY7vP4rzU1PvjNEWKtWlD+qpv+OK7nVWeGVlmeb0ZEb+mz+qNm0inum64k
VEYDQadVX3UHLP+Uquv7iUowtrOrPrRVkFdoo7S8dzIRuU3ONkLvXeUCgYEAzWqE
sAh+KOw0YWZdAj9HFOjCOA1gaDrcQF13Cyoh3ZEIFK0J7nNkh8CZVFx7D5W1u6B0
fAmoolMO3I4PfjbuwayMELjLdpii7a10/DC6BmtVCM3+sfpJtB7LmL13MVkPpNEv
4BKFADTaxhbflemydXqUA/Cx4KBf7OhZK16+pmkCgYA9Kul/1Rj70gT0geF1TTft
/Aaf+qwuuss8DNmFipsGOO64aEneynilAoU4iUzmNV/p2/4eUNAS0mpnsfDUQPzx
6DdWp6/xERh94YCUsJOIA4+n3JRoiZn696vgF5DFhu1pQvUE3/cuNrDllrf6FoxK
Qie40p42kbDdjl9TcUaaYQKBgAdfO0PWCjENyRN1yQC7pKFreQzp7fvPoPfuYsdT
y8NX4SJc025rVcBJeTc92mzEwrDpIUUSU6r/sBjaQFQXRJpOxvgSqbqn37EH+JrU
ZNi2IWcffXSFtv9v236vzgdHWvhfSYiRIZTQUMmrKHsI2A6/R3CcwsV8+/RUol6c
F9uBAoGBAOV3xH5x9nVEecWO0vGC3/kTPYgox5pLEhCv298LcYRVgft7ajZS7C9A
/inksiXGKtIuv6jCGbQULuzBdCGOQfAOInQ9HstX01cC+kJqTdb7/g8e/qWNAaIU
/SyXap7wY6Nw0VloTBNmaEo4ZErRl1ytzbYCSa9VZrzOPIl8LUMn
-----END RSA PRIVATE KEY-----

60
programs/ssl/test-ca/sslconf.txt Normal file
View File

@@ -0,0 +1,60 @@
##================================================================
##============== Example OpenSSL configuration file ==============
##================================================================
# References:
#
# /etc/ssl/openssl.conf
# http://www.openssl.org/docs/apps/config.html
# http://www.openssl.org/docs/apps/x509v3_config.html
[ ca ]
default_ca = my_ca
[ my_ca ]
certificate = test-ca.crt
private_key = test-ca.key
database = index
serial = serial
new_certs_dir = newcerts
default_crl_days = 60
default_days = 730
default_md = sha1
policy = my_policy
x509_extensions = v3_usr
[ my_policy ]
countryName = optional
stateOrProvinceName = optional
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
distinguished_name = my_req_dn
x509_extensions = v3_ca
[ my_req_dn ]
countryName = Country Name..............
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name....
localityName = Locality Name.............
0.organizationName = Organization Name.........
organizationalUnitName = Org. Unit Name............
commonName = Common Name (required)....
commonName_max = 64
emailAddress = Email Address.............
emailAddress_max = 64
[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
[ v3_usr ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer

79
programs/ssl/test-ca/test-ca.crt Normal file
View File

@@ -0,0 +1,79 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=XySSL, CN=XySSL Test CA
Validity
Not Before: Nov 29 19:49:14 2007 GMT
Not After : Nov 29 19:49:14 2017 GMT
Subject: O=XySSL, CN=XySSL Test CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:d1:f4:8c:48:85:e1:15:a8:92:f4:43:e4:e4:f8:
ee:e7:63:bb:0a:50:39:09:0b:2f:09:be:4c:da:9d:
f9:30:40:03:76:27:94:db:73:8a:af:77:bf:73:3a:
e2:a5:9b:aa:0d:fd:26:b3:d1:37:98:e8:bc:21:82:
86:17:92:90:bf:4d:d1:73:95:f4:a3:a8:07:be:51:
15:2a:40:3b:29:d7:43:c0:f3:5e:1c:4a:37:34:f3:
34:1f:06:d3:73:8a:4f:80:a1:e7:74:03:e3:b5:77:
1f:63:54:ef:9b:9b:65:6b:d3:b5:0f:5f:6a:85:dc:
ea:4f:5b:19:59:4d:e1:29:f5:ac:a7:8d:32:b3:83:
0c:7f:f5:7d:44:ba:d4:82:ed:23:be:ae:51:c5:a8:
57:1d:d9:53:f0:33:2f:36:3c:21:2c:cc:18:c4:6b:
4f:57:ad:03:1e:80:92:a7:c8:15:8d:1c:e0:03:18:
ae:d9:08:06:45:9a:af:72:68:f7:02:69:e6:01:e7:
91:34:5f:ba:e7:7d:2e:4f:79:d7:c4:39:52:cc:3b:
dc:8d:d9:2f:f3:67:94:5e:ed:3a:f8:1e:ad:39:e1:
b4:df:f0:fb:5c:4d:4e:98:62:ac:5d:e5:45:ae:3a:
b4:1a:a7:07:bd:40:c4:43:ba:64:58:c3:a0:e1:5b:
93:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Key Identifier:
F2:67:B1:5D:5F:51:5E:DA:51:89:E9:D9:E9:6B:CA:8B:AF:A5:2E:69
X509v3 Authority Key Identifier:
keyid:F2:67:B1:5D:5F:51:5E:DA:51:89:E9:D9:E9:6B:CA:8B:AF:A5:2E:69
DirName:/O=XySSL/CN=XySSL Test CA
serial:00
Signature Algorithm: sha1WithRSAEncryption
30:cf:17:9e:93:3b:0d:ec:3a:37:c3:fe:66:b2:eb:92:56:a4:
da:f6:c7:b1:95:e6:a5:a1:88:e5:b3:fd:d7:a3:ae:48:44:89:
4b:3e:ad:70:24:93:c8:5f:88:86:b0:c5:89:75:d7:14:86:9d:
af:66:d5:1c:de:cb:1d:45:12:fd:ba:61:61:a3:f0:f8:fa:8b:
12:2e:b2:75:62:8c:93:71:37:04:ba:ce:5e:0d:eb:bd:c2:41:
b5:d9:59:c8:d0:09:32:c4:58:bb:71:8d:0c:78:ee:b1:b0:9a:
f1:5c:05:49:79:82:84:bf:c2:19:fa:43:4b:e7:40:0a:20:86:
58:2d:a8:6e:9d:d4:16:d8:e8:88:5f:84:59:0b:fb:50:8b:40:
7d:7b:8a:e5:27:5d:c6:1c:51:3c:86:50:8f:22:1a:fa:c4:9b:
c2:84:68:9f:7d:96:15:47:94:de:3a:5c:cf:33:45:ba:92:44:
46:9c:a1:f5:42:4a:db:c1:e5:27:2a:1f:9f:cc:28:4c:94:53:
e6:b4:c6:0f:db:f5:65:19:e6:75:f2:ec:10:d1:99:27:94:9a:
fc:a1:0c:31:11:a8:28:4c:4c:88:10:58:60:05:83:33:e2:a9:
26:2d:5e:24:a5:76:63:12:23:4f:f1:6a:60:bd:38:fa:65:f4:
a9:da:f1:75
-----BEGIN CERTIFICATE-----
MIIDTTCCAjWgAwIBAgIBADANBgkqhkiG9w0BAQUFADAoMQ4wDAYDVQQKEwVYeVNT
TDEWMBQGA1UEAxMNWHlTU0wgVGVzdCBDQTAeFw0wNzExMjkxOTQ5MTRaFw0xNzEx
MjkxOTQ5MTRaMCgxDjAMBgNVBAoTBVh5U1NMMRYwFAYDVQQDEw1YeVNTTCBUZXN0
IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fSMSIXhFaiS9EPk
5Pju52O7ClA5CQsvCb5M2p35MEADdieU23OKr3e/czripZuqDf0ms9E3mOi8IYKG
F5KQv03Rc5X0o6gHvlEVKkA7KddDwPNeHEo3NPM0HwbTc4pPgKHndAPjtXcfY1Tv
m5tla9O1D19qhdzqT1sZWU3hKfWsp40ys4MMf/V9RLrUgu0jvq5RxahXHdlT8DMv
NjwhLMwYxGtPV60DHoCSp8gVjRzgAxiu2QgGRZqvcmj3AmnmAeeRNF+6530uT3nX
xDlSzDvcjdkv82eUXu06+B6tOeG03/D7XE1OmGKsXeVFrjq0GqcHvUDEQ7pkWMOg
4VuTdwIDAQABo4GBMH8wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU8mexXV9RXtpR
ienZ6WvKi6+lLmkwUAYDVR0jBEkwR4AU8mexXV9RXtpRienZ6WvKi6+lLmmhLKQq
MCgxDjAMBgNVBAoTBVh5U1NMMRYwFAYDVQQDEw1YeVNTTCBUZXN0IENBggEAMA0G
CSqGSIb3DQEBBQUAA4IBAQAwzxeekzsN7Do3w/5msuuSVqTa9sexlealoYjls/3X
o65IRIlLPq1wJJPIX4iGsMWJddcUhp2vZtUc3ssdRRL9umFho/D4+osSLrJ1YoyT
cTcEus5eDeu9wkG12VnI0AkyxFi7cY0MeO6xsJrxXAVJeYKEv8IZ+kNL50AKIIZY
LahundQW2OiIX4RZC/tQi0B9e4rlJ13GHFE8hlCPIhr6xJvChGiffZYVR5TeOlzP
M0W6kkRGnKH1QkrbweUnKh+fzChMlFPmtMYP2/VlGeZ18uwQ0ZknlJr8oQwxEago
TEyIEFhgBYMz4qkmLV4kpXZjEiNP8WpgvTj6ZfSp2vF1
-----END CERTIFICATE-----

30
programs/ssl/test-ca/test-ca.key Normal file
View File

@@ -0,0 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,FED222215EA5FD24
jP877McdF++j3XBbkQtSyNc4W8dQ4oueOHs5oLN04HDgg3brbfvm0m5GyZCmMa3C
B9rp2BqX9agR7zfzPVi3c9DS/piYFi26gaDCwucsBq6jPTFuICAJYnMaXRmZPrvz
DPzlL5hrDOVpDWJl5l2Vv3T1Ag4CtEFaP6DRcfwGNyUeN8P6Api2i/XmIXNv47gl
QsVNQx/rL+veOj/ayFB084CbxzlOX6STMsL/TVPuFjP4vvBTyVBeseFRWAw97bog
nrphjK6eOBMnF25XbF+cg5vzagPsPYh/3wOuZfLFAwcKrTm8KM493xYRacBmRcon
CjUrxAoo7QmdTSBBzd4kRalNS+Mj9QaIqgFBZSFCieYgezU4603GTPpYKDIf993P
xHTqGMln78Uk+JT95MdfUWojk/rPaJ5XprLaOkhnAPEeTcYwH5kYsbmn3tBfpfdM
i4sW6ISDcBLDHvM9JEbUCaCcPP8fIiNwACrZg25RBmMAx+ZdQ6fQpiQ/K2KmByyl
01Vh5VC+mnUQ2W/Gkp5G6SS/ROkbTwQIJhzAAZodK+818x6lz2rRg5srEEWi1RWp
l3043nNcSMdmxJ6Bcd/ErxWeWa5P8rk4UlapJQF4f9Z6JxAj9kds+gBF4OMf9WvB
d6v2I6u3kX/iwXN/SLTF3yrDPIhIyQsJT06UuoXtKJz4vu/IjY2lMK1DFeF/dq9s
kKyqZ9NyimiuxTV8O2dZe0xjk60XDh1vkHmhfnwAMV8XHRqjclgYdcZgQM1+Ze50
scLx3PmqwWlLZ6rYMkeM/ekiLmPknz37/w3Gns2pwHNIClIimH4zkkxSOCXXH+9i
gVgjtcj9nhf8MpJIaNYA7Q2hm9kfA2Vul2EAR8auv1str41haCMrkVLm6c/eomJP
ScLCRr61DGYM4n084enkiWG6iyIwLcZ7ocTTzuxKUKWr34+JQy4Ex11tVbAicPmE
7Mz3JTsuR9b2tXrLQaNh7PlXtbs56vcXqQ4ScaJu58kcGiAdDZkeKRyo0ibeer+e
qd1VGMhrI0St5OJOxMusRJT+hljOf4k96OugI2t39BWN8fQVLAKWYLJZDkDq2kSl
y/Hz1iKxV01M60luHDAoj3AhsN9p7IocV9jPzk+jxXVqjAzJawl4xyBRPlS/2bSw
rOe+ZgKdzhlUR9OoU4/ZiGu35XJHZPZf2rxLAhXfgnAT+3A9Ft/WVXp/d9N4hJuU
Qz1Ln6HyohjMOcPjrz70OXrq7kra4Cevs7rmK773LxDtw+pPfDWMasuy9lSeIulR
+riSNLrffYWXGPINnhVhqmyj6SwcKZUY/eosEwvorWAC5krt+juVzJjKTOzczTvX
ETQCSXmLG5M+oiiYzH0zqLVUkqHvW4flNYsvkQw4V2BLarzwMNq2lF35WAU6VA9J
bYw/3iAl7zZEJuE7+e5ObL/sWt6GwFf78QVMgsKonoxtDQ4B7DjVGw/WTKlon9fV
4jSZhlw81nX5GhnvrnkYhiD2Y+6ZEzcUIoB4WjzBLQ2B4rf6jy686Tl52yuydZpU
s10dX8yDbqUPBkzi3uvocFOKZd80hHq+3cy4IKP40fB1fwUcQlAj2bKgOPYg+oGB
-----END RSA PRIVATE KEY-----

253
programs/test/benchmark.c Normal file
View File

@@ -0,0 +1,253 @@
/*
* Benchmark demonstration program
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include "xyssl/config.h"
#include "xyssl/md4.h"
#include "xyssl/md5.h"
#include "xyssl/sha1.h"
#include "xyssl/sha2.h"
#include "xyssl/arc4.h"
#include "xyssl/des.h"
#include "xyssl/aes.h"
#include "xyssl/rsa.h"
#include "xyssl/timing.h"
#define BUFSIZE 1024
static int myrand( void *rng_state )
{
if( rng_state != NULL )
rng_state = NULL;
return( rand() );
}
unsigned char buf[BUFSIZE];
int main( void )
{
int keysize;
unsigned long i, j, tsc;
unsigned char tmp[32];
#if defined(XYSSL_ARC4_C)
arc4_context arc4;
#endif
#if defined(XYSSL_DES_C)
des3_context des3;
des_context des;
#endif
#if defined(XYSSL_AES_C)
aes_context aes;
#endif
#if defined(XYSSL_RSA_C)
rsa_context rsa;
#endif
memset( buf, 0xAA, sizeof( buf ) );
printf( "\n" );
#if defined(XYSSL_MD4_C)
printf( " MD4 : " );
fflush( stdout );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
md4( buf, BUFSIZE, tmp );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
md4( buf, BUFSIZE, tmp );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(XYSSL_MD5_C)
printf( " MD5 : " );
fflush( stdout );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
md5( buf, BUFSIZE, tmp );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
md5( buf, BUFSIZE, tmp );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(XYSSL_SHA1_C)
printf( " SHA-1 : " );
fflush( stdout );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
sha1( buf, BUFSIZE, tmp );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
sha1( buf, BUFSIZE, tmp );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(XYSSL_SHA2_C)
printf( " SHA-256 : " );
fflush( stdout );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
sha2( buf, BUFSIZE, tmp, 0 );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
sha2( buf, BUFSIZE, tmp, 0 );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(XYSSL_ARC4_C)
printf( " ARC4 : " );
fflush( stdout );
arc4_setup( &arc4, tmp, 32 );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
arc4_crypt( &arc4, buf, BUFSIZE );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
arc4_crypt( &arc4, buf, BUFSIZE );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(XYSSL_DES_C)
printf( " 3DES : " );
fflush( stdout );
des3_set3key_enc( &des3, tmp );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
printf( " DES : " );
fflush( stdout );
des_setkey_enc( &des, tmp );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(XYSSL_AES_C)
for( keysize = 128; keysize <= 256; keysize += 64 )
{
printf( " AES-%d : ", keysize );
fflush( stdout );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
aes_setkey_enc( &aes, tmp, keysize );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf );
tsc = hardclock();
for( j = 0; j < 4096; j++ )
aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
}
#endif
#if defined(XYSSL_RSA_C)
rsa_init( &rsa, RSA_PKCS_V15, 0, myrand, NULL );
rsa_gen_key( &rsa, 1024, 65537 );
printf( " RSA-1024 : " );
fflush( stdout );
set_alarm( 3 );
for( i = 1; ! alarmed; i++ )
{
buf[0] = 0;
rsa_public( &rsa, buf, buf );
}
printf( "%9lu public/s\n", i / 3 );
printf( " RSA-1024 : " );
fflush( stdout );
set_alarm( 3 );
for( i = 1; ! alarmed; i++ )
{
buf[0] = 0;
rsa_private( &rsa, buf, buf );
}
printf( "%9lu private/s\n\n", i / 3 );
rsa_free( &rsa );
#endif
#ifdef WIN32
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( 0 );
}

131
programs/test/selftest.c Normal file
View File

@@ -0,0 +1,131 @@
/*
* Self-test demonstration program
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <string.h>
#include <stdio.h>
#include "xyssl/config.h"
#include "xyssl/md2.h"
#include "xyssl/md4.h"
#include "xyssl/md5.h"
#include "xyssl/sha1.h"
#include "xyssl/sha2.h"
#include "xyssl/sha4.h"
#include "xyssl/arc4.h"
#include "xyssl/des.h"
#include "xyssl/aes.h"
#include "xyssl/base64.h"
#include "xyssl/bignum.h"
#include "xyssl/rsa.h"
#include "xyssl/x509.h"
int main( int argc, char *argv[] )
{
int ret, v;
if( argc == 2 && strcmp( argv[1], "-quiet" ) == 0 )
v = 0;
else
{
v = 1;
printf( "\n" );
}
#if defined(XYSSL_MD2_C)
if( ( ret = md2_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(XYSSL_MD4_C)
if( ( ret = md4_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(XYSSL_MD5_C)
if( ( ret = md5_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(XYSSL_SHA1_C)
if( ( ret = sha1_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(XYSSL_SHA2_C)
if( ( ret = sha2_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(XYSSL_SHA4_C)
if( ( ret = sha4_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(XYSSL_ARC4_C)
if( ( ret = arc4_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(XYSSL_DES_C)
if( ( ret = des_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(XYSSL_AES_C)
if( ( ret = aes_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(XYSSL_BASE64_C)
if( ( ret = base64_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(XYSSL_BIGNUM_C)
if( ( ret = mpi_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(XYSSL_RSA_C)
if( ( ret = rsa_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(XYSSL_X509_C)
if( ( ret = x509_self_test( v ) ) != 0 )
return( ret );
#endif
if( v != 0 )
{
printf( " [ All tests passed ]\n\n" );
#ifdef WIN32
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
}
return( ret );
}

580
programs/test/ssl_test.c Normal file
View File

@@ -0,0 +1,580 @@
/*
* SSL/TLS stress testing program
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include "xyssl/net.h"
#include "xyssl/ssl.h"
#include "xyssl/havege.h"
#include "xyssl/timing.h"
#include "xyssl/certs.h"
#define OPMODE_NONE 0
#define OPMODE_CLIENT 1
#define OPMODE_SERVER 2
#define IOMODE_BLOCK 0
#define IOMODE_NONBLOCK 1
#define COMMAND_READ 1
#define COMMAND_WRITE 2
#define COMMAND_BOTH 3
#define DFL_OPMODE OPMODE_NONE
#define DFL_IOMODE IOMODE_BLOCK
#define DFL_SERVER_NAME "localhost"
#define DFL_SERVER_PORT 4433
#define DFL_COMMAND COMMAND_READ
#define DFL_BUFFER_SIZE 1024
#define DFL_MAX_BYTES 0
#define DFL_DEBUG_LEVEL 0
#define DFL_CONN_TIMEOUT 0
#define DFL_MAX_CONNECTIONS 0
#define DFL_SESSION_REUSE 1
#define DFL_SESSION_LIFETIME 86400
#define DFL_FORCE_CIPHER 0
/*
* server-specific data
*/
char *dhm_G = "4";
char *dhm_P =
"E4004C1F94182000103D883A448B3F802CE4B44A83301270002C20D0321CFD00" \
"11CCEF784C26A400F43DFB901BCA7538F2C6B176001CF5A0FD16D2C48B1D0C1C" \
"F6AC8E1DA6BCC3B4E1F96B0564965300FFA1D0B601EB2800F489AA512C4B248C" \
"01F76949A60BB7F00A40B1EAB64BDD48E8A700D60B7F1200FA8E77B0A979DABF";
int server_fd = -1;
/*
* global options
*/
struct options
{
int opmode; /* operation mode (client or server) */
int iomode; /* I/O mode (blocking or non-blocking) */
char *server_name; /* hostname of the server (client only) */
int server_port; /* port on which the ssl service runs */
int command; /* what to do: read or write operation */
int buffer_size; /* size of the send/receive buffer */
int max_bytes; /* max. # of bytes before a reconnect */
int debug_level; /* level of debugging */
int conn_timeout; /* max. delay before a reconnect */
int max_connections; /* max. number of reconnections */
int session_reuse; /* flag to reuse the keying material */
int session_lifetime; /* if reached, session data is expired */
int force_cipher[2]; /* protocol/cipher to use, or all */
};
/*
* Although this PRNG has good statistical properties (eg. passes
* DIEHARD), it is not cryptographically secure.
*/
unsigned long int lcppm5( unsigned long int *state )
{
unsigned long int u, v;
u = v = state[4] ^ 1;
state[u & 3] ^= u;
u ^= (v << 12) ^ (v >> 12);
u ^= v * state[0]; v >>= 8;
u ^= v * state[1]; v >>= 8;
u ^= v * state[2]; v >>= 8;
u ^= v * state[3];
u &= 0xFFFFFFFF;
state[4] = u;
return( u );
}
void my_debug( void *ctx, int level, char *str )
{
if( level < ((struct options *) ctx)->debug_level )
fprintf( stderr, "%s", str );
}
/*
* perform a single SSL connection
*/
static int ssl_test( struct options *opt )
{
int ret, i;
int client_fd;
int bytes_to_read;
int bytes_to_write;
int offset_to_read;
int offset_to_write;
long int nb_read;
long int nb_written;
unsigned long read_state[5];
unsigned long write_state[5];
unsigned char *read_buf;
unsigned char *write_buf;
struct hr_time t;
havege_state hs;
ssl_context ssl;
ssl_session ssn;
x509_cert srvcert;
rsa_context rsa;
ret = 1;
havege_init( &hs );
get_timer( &t, 1 );
memset( read_state, 0, sizeof( read_state ) );
memset( write_state, 0, sizeof( write_state ) );
memset( &srvcert, 0, sizeof( x509_cert ) );
memset( &rsa, 0, sizeof( rsa_context ) );
if( opt->opmode == OPMODE_CLIENT )
{
if( ( ret = net_connect( &client_fd, opt->server_name,
opt->server_port ) ) != 0 )
{
printf( " ! net_connect returned %d\n\n", ret );
return( ret );
}
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " ! ssl_init returned %d\n\n", ret );
return( ret );
}
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
}
if( opt->opmode == OPMODE_SERVER )
{
ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
strlen( test_srv_crt ) );
if( ret != 0 )
{
printf( " ! x509parse_crt returned %d\n\n", ret );
goto exit;
}
ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
strlen( test_ca_crt ) );
if( ret != 0 )
{
printf( " ! x509parse_crt returned %d\n\n", ret );
goto exit;
}
ret = x509parse_key( &rsa, (unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
printf( " ! x509parse_key returned %d\n\n", ret );
goto exit;
}
if( server_fd < 0 )
{
if( ( ret = net_bind( &server_fd, NULL,
opt->server_port ) ) != 0 )
{
printf( " ! net_bind returned %d\n\n", ret );
return( ret );
}
}
if( ( ret = net_accept( server_fd, &client_fd, NULL ) ) != 0 )
{
printf( " ! net_accept returned %d\n\n", ret );
return( ret );
}
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " ! ssl_init returned %d\n\n", ret );
return( ret );
}
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_dh_param( &ssl, dhm_P, dhm_G );
ssl_set_ca_chain( &ssl, srvcert.next, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
}
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
ssl_set_rng( &ssl, havege_rand, &hs );
ssl_set_dbg( &ssl, my_debug, opt );
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
ssl_set_session( &ssl, opt->session_reuse,
opt->session_lifetime, &ssn );
if( opt->force_cipher[0] == DFL_FORCE_CIPHER )
ssl_set_ciphers( &ssl, ssl_default_ciphers );
else ssl_set_ciphers( &ssl, opt->force_cipher );
if( opt->iomode == IOMODE_NONBLOCK )
net_set_nonblock( client_fd );
read_buf = (unsigned char *) malloc( opt->buffer_size );
write_buf = (unsigned char *) malloc( opt->buffer_size );
if( read_buf == NULL || write_buf == NULL )
{
printf( " ! malloc(%d bytes) failed\n\n", opt->buffer_size );
goto exit;
}
nb_read = bytes_to_read = 0;
nb_written = bytes_to_write = 0;
while( 1 )
{
if( opt->command & COMMAND_WRITE )
{
if( bytes_to_write == 0 )
{
while( bytes_to_write == 0 )
bytes_to_write = rand() % opt->buffer_size;
for( i = 0; i < bytes_to_write; i++ )
write_buf[i] = (unsigned char) lcppm5( write_state );
offset_to_write = 0;
}
ret = ssl_write( &ssl, write_buf + offset_to_write,
bytes_to_write );
if( ret >= 0 )
{
nb_written += ret;
bytes_to_write -= ret;
offset_to_write += ret;
}
if( ret == XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY ||
ret == XYSSL_ERR_NET_CONN_RESET )
{
ret = 0;
goto exit;
}
if( ret < 0 && ret != XYSSL_ERR_NET_TRY_AGAIN )
{
printf( " ! ssl_write returned %d\n\n", ret );
break;
}
}
if( opt->command & COMMAND_READ )
{
if( bytes_to_read == 0 )
{
bytes_to_read = rand() % opt->buffer_size;
offset_to_read = 0;
}
ret = ssl_read( &ssl, read_buf + offset_to_read,
bytes_to_read );
if( ret >= 0 )
{
for( i = 0; i < ret; i++ )
{
if( read_buf[offset_to_read + i] !=
(unsigned char) lcppm5( read_state ) )
{
ret = 1;
printf( " ! plaintext mismatch\n\n" );
goto exit;
}
}
nb_read += ret;
bytes_to_read -= ret;
offset_to_read += ret;
}
if( ret == XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY ||
ret == XYSSL_ERR_NET_CONN_RESET )
{
ret = 0;
goto exit;
}
if( ret < 0 && ret != XYSSL_ERR_NET_TRY_AGAIN )
{
printf( " ! ssl_read returned %d\n\n", ret );
break;
}
}
ret = 0;
if( opt->max_bytes != 0 &&
( opt->max_bytes <= nb_read ||
opt->max_bytes <= nb_written ) )
break;
if( opt->conn_timeout != 0 &&
opt->conn_timeout <= (int) get_timer( &t, 0 ) )
break;
}
exit:
fflush( stdout );
if( read_buf != NULL )
free( read_buf );
if( write_buf != NULL )
free( write_buf );
ssl_close_notify( &ssl );
x509_free( &srvcert );
rsa_free( &rsa );
ssl_free( &ssl );
net_close( client_fd );
return( ret );
}
#define USAGE \
"\n usage: ssl_test opmode=<> command=<>...\n" \
"\n acceptable parameters:\n" \
" opmode=client/server default: <none>\n" \
" iomode=block/nonblock default: block\n" \
" server_name=%%s default: localhost\n" \
" server_port=%%d default: 4433\n" \
" command=read/write/both default: read\n" \
" buffer_size=%%d (bytes) default: 1024\n" \
" max_bytes=%%d (bytes) default: 0 (no limit)\n" \
" debug_level=%%d default: 0 (disabled)\n" \
" conn_timeout=%%d (ms) default: 0 (no timeout)\n" \
" max_connections=%%d default: 0 (no limit)\n" \
" session_reuse=on/off default: on (enabled)\n" \
" session_lifetime=%%d (s) default: 86400\n" \
" force_cipher=<name> default: all enabled\n" \
" acceptable cipher names:\n" \
" SSL_RSA_RC4_128_MD5 SSL_RSA_RC4_128_SHA\n" \
" SSL_RSA_DES_168_SHA SSL_EDH_RSA_DES_168_SHA\n" \
" SSL_RSA_AES_128_SHA SSL_EDH_RSA_AES_256_SHA\n" \
" SSL_RSA_AES_256_SHA\n\n"
int main( int argc, char *argv[] )
{
int i, j, n;
int ret = 1;
int nb_conn;
char *p, *q;
struct options opt;
if( argc == 1 )
{
usage:
printf( USAGE );
goto exit;
}
opt.opmode = DFL_OPMODE;
opt.iomode = DFL_IOMODE;
opt.server_name = DFL_SERVER_NAME;
opt.server_port = DFL_SERVER_PORT;
opt.command = DFL_COMMAND;
opt.buffer_size = DFL_BUFFER_SIZE;
opt.max_bytes = DFL_MAX_BYTES;
opt.debug_level = DFL_DEBUG_LEVEL;
opt.conn_timeout = DFL_CONN_TIMEOUT;
opt.max_connections = DFL_MAX_CONNECTIONS;
opt.session_reuse = DFL_SESSION_REUSE;
opt.session_lifetime = DFL_SESSION_LIFETIME;
opt.force_cipher[0] = DFL_FORCE_CIPHER;
for( i = 1; i < argc; i++ )
{
n = strlen( argv[i] );
for( j = 0; j < n; j++ )
{
if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
argv[i][j] |= 0x20;
}
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
continue;
*q++ = '\0';
if( strcmp( p, "opmode" ) == 0 )
{
if( strcmp( q, "client" ) == 0 )
opt.opmode = OPMODE_CLIENT;
else
if( strcmp( q, "server" ) == 0 )
opt.opmode = OPMODE_SERVER;
else goto usage;
}
if( strcmp( p, "iomode" ) == 0 )
{
if( strcmp( q, "block" ) == 0 )
opt.iomode = IOMODE_BLOCK;
else
if( strcmp( q, "nonblock" ) == 0 )
opt.iomode = IOMODE_NONBLOCK;
else goto usage;
}
if( strcmp( p, "server_name" ) == 0 )
opt.server_name = q;
if( strcmp( p, "server_port" ) == 0 )
{
opt.server_port = atoi( q );
if( opt.server_port < 1 || opt.server_port > 65535 )
goto usage;
}
if( strcmp( p, "command" ) == 0 )
{
if( strcmp( q, "read" ) == 0 )
opt.command = COMMAND_READ;
else
if( strcmp( q, "write" ) == 0 )
opt.command = COMMAND_WRITE;
else
if( strcmp( q, "both" ) == 0 )
{
opt.iomode = IOMODE_NONBLOCK;
opt.command = COMMAND_BOTH;
}
else goto usage;
}
if( strcmp( p, "buffer_size" ) == 0 )
{
opt.buffer_size = atoi( q );
if( opt.buffer_size < 1 || opt.buffer_size > 1048576 )
goto usage;
}
if( strcmp( p, "max_bytes" ) == 0 )
opt.max_bytes = atoi( q );
if( strcmp( p, "debug_level" ) == 0 )
opt.debug_level = atoi( q );
if( strcmp( p, "conn_timeout" ) == 0 )
opt.conn_timeout = atoi( q );
if( strcmp( p, "max_connections" ) == 0 )
opt.max_connections = atoi( q );
if( strcmp( p, "session_reuse" ) == 0 )
{
if( strcmp( q, "on" ) == 0 )
opt.session_reuse = 1;
else
if( strcmp( q, "off" ) == 0 )
opt.session_reuse = 0;
else
goto usage;
}
if( strcmp( p, "session_lifetime" ) == 0 )
opt.session_lifetime = atoi( q );
if( strcmp( p, "force_cipher" ) == 0 )
{
opt.force_cipher[0] = -1;
if( strcmp( q, "ssl_rsa_rc4_128_md5" ) == 0 )
opt.force_cipher[0] = SSL_RSA_RC4_128_MD5;
if( strcmp( q, "ssl_rsa_rc4_128_sha" ) == 0 )
opt.force_cipher[0] = SSL_RSA_RC4_128_SHA;
if( strcmp( q, "ssl_rsa_des_168_sha" ) == 0 )
opt.force_cipher[0] = SSL_RSA_DES_168_SHA;
if( strcmp( q, "ssl_edh_rsa_des_168_sha" ) == 0 )
opt.force_cipher[0] = SSL_EDH_RSA_DES_168_SHA;
if( strcmp( q, "ssl_rsa_aes_128_sha" ) == 0 )
opt.force_cipher[0] = SSL_RSA_AES_128_SHA;
if( strcmp( q, "ssl_rsa_aes_256_sha" ) == 0 )
opt.force_cipher[0] = SSL_RSA_AES_256_SHA;
if( strcmp( q, "ssl_edh_rsa_aes_256_sha" ) == 0 )
opt.force_cipher[0] = SSL_EDH_RSA_AES_256_SHA;
if( opt.force_cipher[0] < 0 )
goto usage;
opt.force_cipher[1] = 0;
}
}
switch( opt.opmode )
{
case OPMODE_CLIENT:
break;
case OPMODE_SERVER:
break;
default:
goto usage;
}
nb_conn = 0;
do {
nb_conn++;
ret = ssl_test( &opt );
if( opt.max_connections != 0 &&
opt.max_connections <= nb_conn )
break;
}
while( ret == 0 );
exit:
#ifdef WIN32
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}