summaryrefslogtreecommitdiff
path: root/keyexchange/isakmpd-20041012/regress/x509
diff options
context:
space:
mode:
Diffstat (limited to 'keyexchange/isakmpd-20041012/regress/x509')
-rw-r--r--keyexchange/isakmpd-20041012/regress/x509/.cvsignore2
-rw-r--r--keyexchange/isakmpd-20041012/regress/x509/Makefile95
-rw-r--r--keyexchange/isakmpd-20041012/regress/x509/x509test.c291
3 files changed, 0 insertions, 388 deletions
diff --git a/keyexchange/isakmpd-20041012/regress/x509/.cvsignore b/keyexchange/isakmpd-20041012/regress/x509/.cvsignore
deleted file mode 100644
index 9863c98..0000000
--- a/keyexchange/isakmpd-20041012/regress/x509/.cvsignore
+++ /dev/null
@@ -1,2 +0,0 @@
-x509test
-obj
diff --git a/keyexchange/isakmpd-20041012/regress/x509/Makefile b/keyexchange/isakmpd-20041012/regress/x509/Makefile
deleted file mode 100644
index 2ce1e95..0000000
--- a/keyexchange/isakmpd-20041012/regress/x509/Makefile
+++ /dev/null
@@ -1,95 +0,0 @@
-# $OpenBSD: Makefile,v 1.14 2003/06/03 14:39:51 ho Exp $
-# $EOM: Makefile,v 1.16 2000/09/28 12:53:27 niklas Exp $
-
-#
-# Copyright (c) 1999 Niels Provos. All rights reserved.
-# Copyright (c) 1999, 2001 Niklas Hallqvist. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-#
-# This code was written under funding by Ericsson Radio Systems.
-#
-
-# Test X509
-
-# Enable this if you have a DNSSEC enabled OpenSSL
-#LIBLWRES= /usr/local/lib/liblwres.a
-
-PROG= x509test
-SRCS= x509test.c conf.c log.c libcrypto.c sysdep.c field.c util.c \
- isakmp_fld.c ipsec_fld.c ipsec_num.c isakmp_num.c constants.c \
- cert.c
-TOPSRC= ${.CURDIR}/../..
-TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f-
-OS!= awk '/^OS=/ { print $$2 }' ${.CURDIR}/../../Makefile
-FEATURES!= awk '/^FEATURES=/ { print $$0 }' ${.CURDIR}/../../Makefile | sed 's/FEATURES=.//'
-.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ}
-CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall \
- -DUSE_X509
-NOMAN=
-DEBUG= -g
-
-.if ${FEATURES:Mgmp} == "gmp"
-CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_GMP
-LDADD+= -lgmp
-DPADD+= ${LIBGMP}
-.else
-CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_OPENSSL
-.endif
-
-.include "${TOPSRC}/sysdep/${OS}/Makefile.sysdep"
-
-.ifdef HAVE_DLOPEN
-X509= x509.c
-POLICY= policy.c
-CFLAGS+= -DHAVE_DLOPEN
-SRCS+= dyn.c
-.endif
-
-.ifdef USE_KEYNOTE
-USE_LIBCRYPTO= yes
-POLICY= policy.c
-LDADD+= -lkeynote -lm
-DPADD+= ${LIBKEYNOTE} ${LIBM}
-CFLAGS+= -DUSE_KEYNOTE
-.endif
-
-.ifdef USE_LIBCRYPTO
-X509= x509.c
-CFLAGS+= -DUSE_LIBCRYPTO
-LDADD+= -lcrypto ${LIBLWRES}
-DPADD+= ${LIBCRYPTO}
-.endif
-
-.if !defined (HAVE_DLOPEN) && !defined (USE_LIBCRYPTO) || !defined (USE_KEYNOTE)
-.BEGIN:
-
-PROG=
-.endif
-
-SRCS+= ${X509} ${POLICY}
-
-LDADD+= ${DESLIB}
-DPADD+= ${DESLIBDEP}
-
-.include <bsd.prog.mk>
diff --git a/keyexchange/isakmpd-20041012/regress/x509/x509test.c b/keyexchange/isakmpd-20041012/regress/x509/x509test.c
deleted file mode 100644
index 25b8bab..0000000
--- a/keyexchange/isakmpd-20041012/regress/x509/x509test.c
+++ /dev/null
@@ -1,291 +0,0 @@
-/* $OpenBSD: x509test.c,v 1.22 2003/06/03 14:39:51 ho Exp $ */
-/* $EOM: x509test.c,v 1.9 2000/12/21 15:24:25 ho Exp $ */
-
-/*
- * Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
- * Copyright (c) 1999, 2001 Niklas Hallqvist. All rights reserved.
- * Copyright (c) 2001 Håkan Olsson. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-/*
- * This program takes a certificate generated by ssleay and a key pair
- * from rsakeygen. It reads the IP address from certificate.txt and
- * includes this as subject alt name extension into the certifcate.
- * The result gets written as new certificate that can be used by
- * isakmpd.
- */
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <ctype.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include "conf.h"
-#include "ipsec_num.h"
-#include "isakmp_fld.h"
-#include "libcrypto.h"
-#include "log.h"
-#include "math_mp.h"
-#include "x509.h"
-
-static int x509_check_subjectaltname (u_char *, u_int, X509 *);
-
-u_int32_t file_sz;
-
-#if 0
-/* XXX Currently unused. */
-static u_int8_t *
-open_file (char *name)
-{
- int fd;
- struct stat st;
- u_int8_t *addr;
-
- if (stat (name, &st) == -1)
- log_fatal ("stat (\"%s\", &st)", name);
- file_sz = st.st_size;
- fd = open (name, O_RDONLY);
- if (fd == -1)
- log_fatal ("open (\"%s\", O_RDONLY)", name);
- addr = mmap (0, file_sz, PROT_READ | PROT_WRITE, MAP_FILE | MAP_PRIVATE,
- fd, 0);
- if (addr == MAP_FAILED)
- log_fatal ("mmap (0, %d, PROT_READ | PROT_WRITE, MAP_FILE | MAP_PRIVATE,"
- "%d, 0)", file_sz, fd);
- close (fd);
-
- return addr;
-}
-#endif
-
-/*
- * Check that a certificate has a subjectAltName and that it matches our ID.
- */
-static int
-x509_check_subjectaltname (u_char *id, u_int id_len, X509 *scert)
-{
- u_int8_t *altname;
- u_int32_t altlen;
- int type, idtype, ret;
-
- type = x509_cert_subjectaltname (scert, &altname, &altlen);
- if (!type)
- {
- log_print ("x509_check_subjectaltname: can't access subjectAltName");
- return 0;
- }
-
- /*
- * Now that we have the X509 certicate in native form, get the
- * subjectAltName extension and verify that it matches our ID.
- */
-
- /* XXX Get type of ID. */
- idtype = id[0];
- id += ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ;
- id_len -= ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ;
-
- ret = 0;
- switch (idtype)
- {
- case IPSEC_ID_IPV4_ADDR:
- if (type == X509v3_IP_ADDR)
- ret = 1;
- break;
- case IPSEC_ID_FQDN:
- if (type == X509v3_DNS_NAME)
- ret = 1;
- break;
- case IPSEC_ID_USER_FQDN:
- if (type == X509v3_RFC_NAME)
- ret = 1;
- break;
- default:
- ret = 0;
- break;
- }
-
- if (!ret)
- {
- LOG_DBG ((LOG_CRYPTO, 50,
- "x509_check_subjectaltname: "
- "our ID type (%d) does not match X509 cert ID type (%d)",
- idtype, type));
- return 0;
- }
-
- if (altlen != id_len || memcmp (altname, id, id_len) != 0)
- {
- LOG_DBG ((LOG_CRYPTO, 50,
- "x509_check_subjectaltname: "
- "our ID does not match X509 cert ID"));
- return 0;
- }
-
- return 1;
-}
-
-int
-main (int argc, char *argv[])
-{
- RSA *pub_key, *priv_key;
- X509 *cert;
- BIO *certfile, *keyfile;
- EVP_PKEY *pkey_pub;
- u_char ipaddr[6];
- struct in_addr saddr;
- char enc[256], dec[256];
- u_int8_t idpayload[8];
- int err, len;
-
- if (argc < 3 || argc > 4)
- {
- fprintf (stderr, "usage: x509test private-key certificate ip-address\n");
- exit (1);
- }
-
- /*
- * X509_verify will fail, as will all other functions that call
- * EVP_get_digest_byname.
- */
-
- libcrypto_init ();
-
- printf ("Reading private key %s\n", argv[1]);
- keyfile = BIO_new (BIO_s_file ());
- if (BIO_read_filename (keyfile, argv[1]) == -1)
- {
- perror ("read");
- exit (1);
- }
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
- priv_key = PEM_read_bio_RSAPrivateKey (keyfile, NULL, NULL, NULL);
-#else
- priv_key = PEM_read_bio_RSAPrivateKey (keyfile, NULL, NULL);
-#endif
- BIO_free (keyfile);
- if (priv_key == NULL)
- {
- printf("PEM_read_bio_RSAPrivateKey () failed\n");
- exit (1);
- }
-
- /* Use a certificate created by ssleay. */
- printf ("Reading ssleay created certificate %s\n", argv[2]);
- certfile = BIO_new (BIO_s_file ());
- if (BIO_read_filename (certfile, argv[2]) == -1)
- {
- perror ("read");
- exit (1);
- }
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
- cert = PEM_read_bio_X509 (certfile, NULL, NULL, NULL);
-#else
- cert = PEM_read_bio_X509 (certfile, NULL, NULL);
-#endif
- BIO_free (certfile);
- if (cert == NULL)
- {
- printf("PEM_read_bio_X509 () failed\n");
- exit (1);
- }
-
- pkey_pub = X509_get_pubkey (cert);
- /* XXX Violation of the interface? */
- pub_key = pkey_pub->pkey.rsa;
- if (pub_key == NULL)
- {
- exit (1);
- }
-
- printf ("Testing RSA keys: ");
-
- err = 0;
- strlcpy (dec, "Eine kleine Testmeldung", 256);
- if ((len = RSA_private_encrypt (strlen (dec), dec, enc, priv_key,
- RSA_PKCS1_PADDING)) == -1)
-
- printf ("SIGN FAILED ");
- else
- err = RSA_public_decrypt (len, enc, dec, pub_key, RSA_PKCS1_PADDING);
-
- if (err == -1 || strcmp (dec, "Eine kleine Testmeldung"))
- printf ("SIGN/VERIFY FAILED");
- else
- printf ("OKAY");
- printf ("\n");
-
-
- printf ("Validate SIGNED: ");
- err = X509_verify (cert, pkey_pub);
- printf ("X509 verify: %d ", err);
- if (err == -1)
- printf ("FAILED ");
- else
- printf ("OKAY ");
- printf ("\n");
-
- if (argc == 4)
- {
- printf ("Verifying extension: ");
- if (inet_aton (argv[3], &saddr) == 0)
- {
- printf ("inet_aton () failed\n");
- exit (1);
- }
-
- saddr.s_addr = htonl (saddr.s_addr);
- ipaddr[0] = 0x87;
- ipaddr[1] = 0x04;
- ipaddr[2] = saddr.s_addr >> 24;
- ipaddr[3] = (saddr.s_addr >> 16) & 0xff;
- ipaddr[4] = (saddr.s_addr >> 8) & 0xff;
- ipaddr[5] = saddr.s_addr & 0xff;
- bzero (idpayload, sizeof idpayload);
- idpayload[0] = IPSEC_ID_IPV4_ADDR;
- bcopy (ipaddr + 2, idpayload + 4, 4);
-
- if (!x509_check_subjectaltname (idpayload, sizeof idpayload, cert))
- printf("FAILED ");
- else
- printf("OKAY ");
- printf ("\n");
- }
-
- return 1;
-}