Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 0344c602eadc0802776b65ff90f0a02c856cf53c / . / tests / suites / test_suite_x509parse.function
blob: f3ae0f4d0a84f52cec7092dcfa6d115c821b5dc3 [file] [log] [blame]
Tom Rini0344c602024-10-08 13:56:50 -0600[diff] [blame^]1/* BEGIN_HEADER */
2#include "mbedtls/bignum.h"
3#include "mbedtls/x509.h"
4#include "mbedtls/x509_crt.h"
5#include "mbedtls/x509_crl.h"
6#include "mbedtls/x509_csr.h"
7#include "x509_internal.h"
8#include "mbedtls/pem.h"
9#include "mbedtls/oid.h"
10#include "mbedtls/base64.h"
11#include "mbedtls/error.h"
12#include "mbedtls/pk.h"
13#include "string.h"
14
15#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
16#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
17 than the current threshold 19. To test larger values, please \
18 adapt the script tests/data_files/dir-max/long.sh."
19#endif
20
21/* Test-only profile allowing all digests, PK algorithms, and curves. */
22const mbedtls_x509_crt_profile profile_all =
23{
24 0xFFFFFFFF, /* Any MD */
25 0xFFFFFFFF, /* Any PK alg */
26 0xFFFFFFFF, /* Any curve */
27 1024,
28};
29
30/* Profile for backward compatibility. Allows SHA-1, unlike the default
31 profile. */
32const mbedtls_x509_crt_profile compat_profile =
33{
34 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1) |
35 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_RIPEMD160) |
36 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA224) |
37 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
38 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
39 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
40 0xFFFFFFFF, /* Any PK alg */
41 0xFFFFFFFF, /* Any curve */
42 1024,
43};
44
45const mbedtls_x509_crt_profile profile_rsa3072 =
46{
47 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
48 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
49 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
50 MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_RSA),
51 0,
52 3072,
53};
54
55const mbedtls_x509_crt_profile profile_sha512 =
56{
57 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
58 0xFFFFFFFF, /* Any PK alg */
59 0xFFFFFFFF, /* Any curve */
60 1024,
61};
62
63int verify_none(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
64{
65 ((void) data);
66 ((void) crt);
67 ((void) certificate_depth);
68 *flags |= MBEDTLS_X509_BADCERT_OTHER;
69
70 return 0;
71}
72
73int verify_all(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
74{
75 ((void) data);
76 ((void) crt);
77 ((void) certificate_depth);
78 *flags = 0;
79
80 return 0;
81}
82
83#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
84int ca_callback_fail(void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates)
85{
86 ((void) data);
87 ((void) child);
88 ((void) candidates);
89
90 return -1;
91}
92#if defined(MBEDTLS_X509_CRT_PARSE_C)
93int ca_callback(void *data, mbedtls_x509_crt const *child,
94 mbedtls_x509_crt **candidates)
95{
96 int ret = 0;
97 mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
98 mbedtls_x509_crt *first;
99
100 /* This is a test-only implementation of the CA callback
101 * which always returns the entire list of trusted certificates.
102 * Production implementations managing a large number of CAs
103 * should use an efficient presentation and lookup for the
104 * set of trusted certificates (such as a hashtable) and only
105 * return those trusted certificates which satisfy basic
106 * parental checks, such as the matching of child `Issuer`
107 * and parent `Subject` field. */
108 ((void) child);
109
110 first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
111 if (first == NULL) {
112 ret = -1;
113 goto exit;
114 }
115 mbedtls_x509_crt_init(first);
116
117 if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
118 ret = -1;
119 goto exit;
120 }
121
122 while (ca->next != NULL) {
123 ca = ca->next;
124 if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
125 ret = -1;
126 goto exit;
127 }
128 }
129
130exit:
131
132 if (ret != 0) {
133 mbedtls_x509_crt_free(first);
134 mbedtls_free(first);
135 first = NULL;
136 }
137
138 *candidates = first;
139 return ret;
140}
141#endif /* MBEDTLS_X509_CRT_PARSE_C */
142#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
143
144int verify_fatal(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
145{
146 int *levels = (int *) data;
147
148 ((void) crt);
149 ((void) certificate_depth);
150
151 /* Simulate a fatal error in the callback */
152 if (*levels & (1 << certificate_depth)) {
153 *flags |= (1 << certificate_depth);
154 return -1 - certificate_depth;
155 }
156
157 return 0;
158}
159
160/* strsep() not available on Windows */
161char *mystrsep(char **stringp, const char *delim)
162{
163 const char *p;
164 char *ret = *stringp;
165
166 if (*stringp == NULL) {
167 return NULL;
168 }
169
170 for (;; (*stringp)++) {
171 if (**stringp == '\0') {
172 *stringp = NULL;
173 goto done;
174 }
175
176 for (p = delim; *p != '\0'; p++) {
177 if (**stringp == *p) {
178 **stringp = '\0';
179 (*stringp)++;
180 goto done;
181 }
182 }
183 }
184
185done:
186 return ret;
187}
188
189#if defined(MBEDTLS_X509_CRT_PARSE_C)
190typedef struct {
191 char buf[512];
192 char *p;
193} verify_print_context;
194
195void verify_print_init(verify_print_context *ctx)
196{
197 memset(ctx, 0, sizeof(verify_print_context));
198 ctx->p = ctx->buf;
199}
200
201int verify_print(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
202{
203 int ret;
204 verify_print_context *ctx = (verify_print_context *) data;
205 char *p = ctx->p;
206 size_t n = ctx->buf + sizeof(ctx->buf) - ctx->p;
207 ((void) flags);
208
209 ret = mbedtls_snprintf(p, n, "depth %d - serial ", certificate_depth);
210 MBEDTLS_X509_SAFE_SNPRINTF;
211
212 ret = mbedtls_x509_serial_gets(p, n, &crt->serial);
213 MBEDTLS_X509_SAFE_SNPRINTF;
214
215 ret = mbedtls_snprintf(p, n, " - subject ");
216 MBEDTLS_X509_SAFE_SNPRINTF;
217
218 ret = mbedtls_x509_dn_gets(p, n, &crt->subject);
219 MBEDTLS_X509_SAFE_SNPRINTF;
220
221 ret = mbedtls_snprintf(p, n, " - flags 0x%08x\n", *flags);
222 MBEDTLS_X509_SAFE_SNPRINTF;
223
224 ctx->p = p;
225
226 return 0;
227}
228
229int verify_parse_san(mbedtls_x509_subject_alternative_name *san,
230 char **buf, size_t *size)
231{
232 int ret;
233 size_t i;
234 char *p = *buf;
235 size_t n = *size;
236
237 ret = mbedtls_snprintf(p, n, "type : %d", san->type);
238 MBEDTLS_X509_SAFE_SNPRINTF;
239
240 switch (san->type) {
241 case (MBEDTLS_X509_SAN_OTHER_NAME):
242 ret = mbedtls_snprintf(p, n, "\notherName :");
243 MBEDTLS_X509_SAFE_SNPRINTF;
244
245 if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
246 &san->san.other_name.type_id) == 0) {
247 ret = mbedtls_snprintf(p, n, " hardware module name :");
248 MBEDTLS_X509_SAFE_SNPRINTF;
249 ret = mbedtls_snprintf(p, n, " hardware type : ");
250 MBEDTLS_X509_SAFE_SNPRINTF;
251
252 ret = mbedtls_oid_get_numeric_string(p,
253 n,
254 &san->san.other_name.value.hardware_module_name
255 .oid);
256 MBEDTLS_X509_SAFE_SNPRINTF;
257
258 ret = mbedtls_snprintf(p, n, ", hardware serial number : ");
259 MBEDTLS_X509_SAFE_SNPRINTF;
260
261 for (i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++) {
262 ret = mbedtls_snprintf(p,
263 n,
264 "%02X",
265 san->san.other_name.value.hardware_module_name.val.p[i]);
266 MBEDTLS_X509_SAFE_SNPRINTF;
267 }
268 }
269 break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */
270 case (MBEDTLS_X509_SAN_DNS_NAME):
271 ret = mbedtls_snprintf(p, n, "\ndNSName : ");
272 MBEDTLS_X509_SAFE_SNPRINTF;
273 if (san->san.unstructured_name.len >= n) {
274 *p = '\0';
275 return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
276 }
277 n -= san->san.unstructured_name.len;
278 for (i = 0; i < san->san.unstructured_name.len; i++) {
279 *p++ = san->san.unstructured_name.p[i];
280 }
281 break;/* MBEDTLS_X509_SAN_DNS_NAME */
282 case (MBEDTLS_X509_SAN_RFC822_NAME):
283 ret = mbedtls_snprintf(p, n, "\nrfc822Name : ");
284 MBEDTLS_X509_SAFE_SNPRINTF;
285 if (san->san.unstructured_name.len >= n) {
286 *p = '\0';
287 return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
288 }
289 n -= san->san.unstructured_name.len;
290 for (i = 0; i < san->san.unstructured_name.len; i++) {
291 *p++ = san->san.unstructured_name.p[i];
292 }
293 break;/* MBEDTLS_X509_SAN_RFC822_NAME */
294 case (MBEDTLS_X509_SAN_DIRECTORY_NAME):
295 ret = mbedtls_snprintf(p, n, "\ndirectoryName : ");
296 MBEDTLS_X509_SAFE_SNPRINTF;
297 ret = mbedtls_x509_dn_gets(p, n, &san->san.directory_name);
298 if (ret < 0) {
299 return ret;
300 }
301
302 p += ret;
303 n -= ret;
304 break;/* MBEDTLS_X509_SAN_DIRECTORY_NAME */
305 default:
306 /*
307 * Should not happen.
308 */
309 return -1;
310 }
311 ret = mbedtls_snprintf(p, n, "\n");
312 MBEDTLS_X509_SAFE_SNPRINTF;
313
314 *size = n;
315 *buf = p;
316
317 return 0;
318}
319
320int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid,
321 int critical, const unsigned char *cp, const unsigned char *end)
322{
323 (void) crt;
324 (void) critical;
325 mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *) p_ctx;
326 if (oid->tag == MBEDTLS_ASN1_OID &&
327 MBEDTLS_OID_CMP(MBEDTLS_OID_CERTIFICATE_POLICIES, oid) == 0) {
328 /* Handle unknown certificate policy */
329 int ret, parse_ret = 0;
330 size_t len;
331 unsigned char **p = (unsigned char **) &cp;
332
333 /* Get main sequence tag */
334 ret = mbedtls_asn1_get_tag(p, end, &len,
335 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
336 if (ret != 0) {
337 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
338 }
339
340 if (*p + len != end) {
341 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
342 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
343 }
344
345 /*
346 * Cannot be an empty sequence.
347 */
348 if (len == 0) {
349 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
350 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
351 }
352
353 while (*p < end) {
354 const unsigned char *policy_end;
355
356 /*
357 * Get the policy sequence
358 */
359 if ((ret = mbedtls_asn1_get_tag(p, end, &len,
360 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) !=
361 0) {
362 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
363 }
364
365 policy_end = *p + len;
366
367 if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
368 MBEDTLS_ASN1_OID)) != 0) {
369 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
370 }
371
372 /*
373 * Recognize exclusively the policy with OID 1
374 */
375 if (len != 1 || *p[0] != 1) {
376 parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
377 }
378
379 *p += len;
380
381 /*
382 * If there is an optional qualifier, then *p < policy_end
383 * Check the Qualifier len to verify it doesn't exceed policy_end.
384 */
385 if (*p < policy_end) {
386 if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
387 MBEDTLS_ASN1_CONSTRUCTED |
388 MBEDTLS_ASN1_SEQUENCE)) != 0) {
389 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
390 }
391 /*
392 * Skip the optional policy qualifiers.
393 */
394 *p += len;
395 }
396
397 if (*p != policy_end) {
398 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
399 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
400 }
401 }
402
403 if (*p != end) {
404 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
405 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
406 }
407
408 return parse_ret;
409 } else if (new_oid != NULL && new_oid->tag == oid->tag && new_oid->len == oid->len &&
410 memcmp(new_oid->p, oid->p, oid->len) == 0) {
411 return 0;
412 } else {
413 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
414 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
415 }
416}
417#endif /* MBEDTLS_X509_CRT_PARSE_C */
418
419#if defined(MBEDTLS_X509_CSR_PARSE_C)
420int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid,
421 int critical, const unsigned char *cp, const unsigned char *end)
422{
423 (void) p_ctx;
424 (void) csr;
425 (void) oid;
426 (void) critical;
427 (void) cp;
428 (void) end;
429
430 return 0;
431}
432
433int parse_csr_ext_reject_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid,
434 int critical, const unsigned char *cp, const unsigned char *end)
435{
436 (void) p_ctx;
437 (void) csr;
438 (void) oid;
439 (void) critical;
440 (void) cp;
441 (void) end;
442
443 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
444 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
445}
446#endif /* MBEDTLS_X509_CSR_PARSE_C */
447/* END_HEADER */
448
449/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
450void x509_accessor_ext_types(int ext_type, int has_ext_type)
451{
452 mbedtls_x509_crt crt;
453 int expected_result = ext_type & has_ext_type;
454
455 mbedtls_x509_crt_init(&crt);
456 USE_PSA_INIT();
457
458 crt.ext_types = ext_type;
459
460 TEST_EQUAL(mbedtls_x509_crt_has_ext_type(&crt, has_ext_type), expected_result);
461
462exit:
463 mbedtls_x509_crt_free(&crt);
464 USE_PSA_DONE();
465}
466/* END_CASE */
467
468/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_TEST_HOOKS */
469void x509_crt_parse_cn_inet_pton(const char *cn, data_t *exp, int ref_ret)
470{
471 uint32_t addr[4];
472 size_t addrlen = mbedtls_x509_crt_parse_cn_inet_pton(cn, addr);
473 TEST_EQUAL(addrlen, (size_t) ref_ret);
474
475 if (addrlen) {
476 TEST_MEMORY_COMPARE(exp->x, exp->len, addr, addrlen);
477 }
478}
479/* END_CASE */
480
481/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
482void x509_parse_san(char *crt_file, char *result_str, int parse_result)
483{
484 int ret;
485 mbedtls_x509_crt crt;
486 mbedtls_x509_subject_alternative_name san;
487 mbedtls_x509_sequence *cur = NULL;
488 char buf[2000];
489 char *p = buf;
490 size_t n = sizeof(buf);
491
492 mbedtls_x509_crt_init(&crt);
493 USE_PSA_INIT();
494 memset(buf, 0, 2000);
495
496 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), parse_result);
497
498 if (parse_result != 0) {
499 goto exit;
500 }
501 if (crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
502 cur = &crt.subject_alt_names;
503 while (cur != NULL) {
504 ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san);
505 TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE);
506 /*
507 * If san type not supported, ignore.
508 */
509 if (ret == 0) {
510 ret = verify_parse_san(&san, &p, &n);
511 mbedtls_x509_free_subject_alt_name(&san);
512 TEST_EQUAL(ret, 0);
513 }
514 cur = cur->next;
515 }
516 }
517
518 TEST_EQUAL(strcmp(buf, result_str), 0);
519
520exit:
521 mbedtls_x509_crt_free(&crt);
522 USE_PSA_DONE();
523}
524/* END_CASE */
525
526/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_X509_CRT_PARSE_C */
527void x509_cert_info(char *crt_file, char *result_str)
528{
529 mbedtls_x509_crt crt;
530 char buf[2000];
531 int res;
532
533 mbedtls_x509_crt_init(&crt);
534 USE_PSA_INIT();
535 memset(buf, 0, 2000);
536
537 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
538 res = mbedtls_x509_crt_info(buf, 2000, "", &crt);
539
540 TEST_ASSERT(res != -1);
541 TEST_ASSERT(res != -2);
542
543 TEST_EQUAL(strcmp(buf, result_str), 0);
544
545exit:
546 mbedtls_x509_crt_free(&crt);
547 USE_PSA_DONE();
548}
549/* END_CASE */
550
551/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
552void mbedtls_x509_crl_info(char *crl_file, char *result_str)
553{
554 mbedtls_x509_crl crl;
555 char buf[2000];
556 int res;
557
558 mbedtls_x509_crl_init(&crl);
559 USE_PSA_INIT();
560 memset(buf, 0, 2000);
561
562 TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0);
563 res = mbedtls_x509_crl_info(buf, 2000, "", &crl);
564
565 TEST_ASSERT(res != -1);
566 TEST_ASSERT(res != -2);
567
568 TEST_EQUAL(strcmp(buf, result_str), 0);
569
570exit:
571 mbedtls_x509_crl_free(&crl);
572 USE_PSA_DONE();
573}
574/* END_CASE */
575
576/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
577void mbedtls_x509_crl_parse(char *crl_file, int result)
578{
579 mbedtls_x509_crl crl;
580 char buf[2000];
581
582 mbedtls_x509_crl_init(&crl);
583 USE_PSA_INIT();
584 memset(buf, 0, 2000);
585
586 TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), result);
587
588exit:
589 mbedtls_x509_crl_free(&crl);
590 USE_PSA_DONE();
591}
592/* END_CASE */
593
594/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
595void mbedtls_x509_csr_info(char *csr_file, char *result_str)
596{
597 mbedtls_x509_csr csr;
598 char buf[2000];
599 int res;
600
601 mbedtls_x509_csr_init(&csr);
602 USE_PSA_INIT();
603 memset(buf, 0, 2000);
604
605 TEST_EQUAL(mbedtls_x509_csr_parse_file(&csr, csr_file), 0);
606 res = mbedtls_x509_csr_info(buf, 2000, "", &csr);
607
608 TEST_ASSERT(res != -1);
609 TEST_ASSERT(res != -2);
610
611 TEST_EQUAL(strcmp(buf, result_str), 0);
612
613exit:
614 mbedtls_x509_csr_free(&csr);
615 USE_PSA_DONE();
616}
617/* END_CASE */
618
619/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
620void x509_verify_info(int flags, char *prefix, char *result_str)
621{
622 char buf[2000];
623 int res;
624
625 USE_PSA_INIT();
626 memset(buf, 0, sizeof(buf));
627
628 res = mbedtls_x509_crt_verify_info(buf, sizeof(buf), prefix, flags);
629
630 TEST_ASSERT(res >= 0);
631
632 TEST_EQUAL(strcmp(buf, result_str), 0);
633
634exit:
635 USE_PSA_DONE();
636}
637/* END_CASE */
638
639/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */
640void x509_verify_restart(char *crt_file, char *ca_file,
641 int result, int flags_result,
642 int max_ops, int min_restart, int max_restart)
643{
644 int ret, cnt_restart;
645 mbedtls_x509_crt_restart_ctx rs_ctx;
646 mbedtls_x509_crt crt;
647 mbedtls_x509_crt ca;
648 uint32_t flags = 0;
649
650 /*
651 * See comments on ecp_test_vect_restart() for op count precision.
652 *
653 * For reference, with Mbed TLS 2.6 and default settings:
654 * - ecdsa_verify() for P-256: ~ 6700
655 * - ecdsa_verify() for P-384: ~ 18800
656 * - x509_verify() for server5 -> test-ca2: ~ 18800
657 * - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500
658 */
659 mbedtls_x509_crt_restart_init(&rs_ctx);
660 mbedtls_x509_crt_init(&crt);
661 mbedtls_x509_crt_init(&ca);
662 MD_OR_USE_PSA_INIT();
663
664 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
665 TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
666
667 mbedtls_ecp_set_max_ops(max_ops);
668
669 cnt_restart = 0;
670 do {
671 ret = mbedtls_x509_crt_verify_restartable(&crt, &ca, NULL,
672 &mbedtls_x509_crt_profile_default, NULL, &flags,
673 NULL, NULL, &rs_ctx);
674 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
675
676 TEST_EQUAL(ret, result);
677 TEST_EQUAL(flags, (uint32_t) flags_result);
678
679 TEST_ASSERT(cnt_restart >= min_restart);
680 TEST_ASSERT(cnt_restart <= max_restart);
681
682 /* Do we leak memory when aborting? */
683 ret = mbedtls_x509_crt_verify_restartable(&crt, &ca, NULL,
684 &mbedtls_x509_crt_profile_default, NULL, &flags,
685 NULL, NULL, &rs_ctx);
686 TEST_ASSERT(ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
687
688exit:
689 mbedtls_x509_crt_restart_free(&rs_ctx);
690 mbedtls_x509_crt_free(&crt);
691 mbedtls_x509_crt_free(&ca);
692 MD_OR_USE_PSA_DONE();
693}
694/* END_CASE */
695
696/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
697void x509_verify(char *crt_file, char *ca_file, char *crl_file,
698 char *cn_name_str, int result, int flags_result,
699 char *profile_str,
700 char *verify_callback)
701{
702 mbedtls_x509_crt crt;
703 mbedtls_x509_crt ca;
704 mbedtls_x509_crl crl;
705 uint32_t flags = 0;
706 int res;
707 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
708 char *cn_name = NULL;
709 const mbedtls_x509_crt_profile *profile;
710
711 mbedtls_x509_crt_init(&crt);
712 mbedtls_x509_crt_init(&ca);
713 mbedtls_x509_crl_init(&crl);
714 MD_OR_USE_PSA_INIT();
715
716 if (strcmp(cn_name_str, "NULL") != 0) {
717 cn_name = cn_name_str;
718 }
719
720 if (strcmp(profile_str, "") == 0) {
721 profile = &mbedtls_x509_crt_profile_default;
722 } else if (strcmp(profile_str, "next") == 0) {
723 profile = &mbedtls_x509_crt_profile_next;
724 } else if (strcmp(profile_str, "suite_b") == 0) {
725 profile = &mbedtls_x509_crt_profile_suiteb;
726 } else if (strcmp(profile_str, "compat") == 0) {
727 profile = &compat_profile;
728 } else if (strcmp(profile_str, "all") == 0) {
729 profile = &profile_all;
730 } else {
731 TEST_FAIL("Unknown algorithm profile");
732 }
733
734 if (strcmp(verify_callback, "NULL") == 0) {
735 f_vrfy = NULL;
736 } else if (strcmp(verify_callback, "verify_none") == 0) {
737 f_vrfy = verify_none;
738 } else if (strcmp(verify_callback, "verify_all") == 0) {
739 f_vrfy = verify_all;
740 } else {
741 TEST_FAIL("No known verify callback selected");
742 }
743
744 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
745 TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
746 TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0);
747
748 res = mbedtls_x509_crt_verify_with_profile(&crt,
749 &ca,
750 &crl,
751 profile,
752 cn_name,
753 &flags,
754 f_vrfy,
755 NULL);
756
757 TEST_EQUAL(res, result);
758 TEST_EQUAL(flags, (uint32_t) flags_result);
759
760#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
761 /* CRLs aren't supported with CA callbacks, so skip the CA callback
762 * version of the test if CRLs are in use. */
763 if (strcmp(crl_file, "") == 0) {
764 flags = 0;
765
766 res = mbedtls_x509_crt_verify_with_ca_cb(&crt,
767 ca_callback,
768 &ca,
769 profile,
770 cn_name,
771 &flags,
772 f_vrfy,
773 NULL);
774
775 TEST_EQUAL(res, result);
776 TEST_EQUAL(flags, (uint32_t) (flags_result));
777 }
778#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
779exit:
780 mbedtls_x509_crt_free(&crt);
781 mbedtls_x509_crt_free(&ca);
782 mbedtls_x509_crl_free(&crl);
783 MD_OR_USE_PSA_DONE();
784}
785/* END_CASE */
786
787/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
788void x509_verify_ca_cb_failure(char *crt_file, char *ca_file, char *name,
789 int exp_ret)
790{
791 int ret;
792 mbedtls_x509_crt crt;
793 mbedtls_x509_crt ca;
794 uint32_t flags = 0;
795
796 mbedtls_x509_crt_init(&crt);
797 mbedtls_x509_crt_init(&ca);
798 USE_PSA_INIT();
799
800 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
801 TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
802
803 if (strcmp(name, "NULL") == 0) {
804 name = NULL;
805 }
806
807 ret = mbedtls_x509_crt_verify_with_ca_cb(&crt, ca_callback_fail, &ca,
808 &compat_profile, name, &flags,
809 NULL, NULL);
810
811 TEST_EQUAL(ret, exp_ret);
812 TEST_EQUAL(flags, (uint32_t) (-1));
813exit:
814 mbedtls_x509_crt_free(&crt);
815 mbedtls_x509_crt_free(&ca);
816 USE_PSA_DONE();
817}
818/* END_CASE */
819
820/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
821void x509_verify_callback(char *crt_file, char *ca_file, char *name,
822 int exp_ret, char *exp_vrfy_out)
823{
824 int ret;
825 mbedtls_x509_crt crt;
826 mbedtls_x509_crt ca;
827 uint32_t flags = 0;
828 verify_print_context vrfy_ctx;
829
830 mbedtls_x509_crt_init(&crt);
831 mbedtls_x509_crt_init(&ca);
832 MD_OR_USE_PSA_INIT();
833
834 verify_print_init(&vrfy_ctx);
835
836 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
837 TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
838
839 if (strcmp(name, "NULL") == 0) {
840 name = NULL;
841 }
842
843 ret = mbedtls_x509_crt_verify_with_profile(&crt, &ca, NULL,
844 &compat_profile,
845 name, &flags,
846 verify_print, &vrfy_ctx);
847
848 TEST_EQUAL(ret, exp_ret);
849 TEST_EQUAL(strcmp(vrfy_ctx.buf, exp_vrfy_out), 0);
850
851exit:
852 mbedtls_x509_crt_free(&crt);
853 mbedtls_x509_crt_free(&ca);
854 MD_OR_USE_PSA_DONE();
855}
856/* END_CASE */
857
858/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
859void mbedtls_x509_dn_gets_subject_replace(char *crt_file,
860 char *new_subject_ou,
861 char *result_str,
862 int ret)
863{
864 mbedtls_x509_crt crt;
865 char buf[2000];
866 int res = 0;
867
868 mbedtls_x509_crt_init(&crt);
869 USE_PSA_INIT();
870
871 memset(buf, 0, 2000);
872
873 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
874 crt.subject.next->val.p = (unsigned char *) new_subject_ou;
875 crt.subject.next->val.len = strlen(new_subject_ou);
876
877 res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject);
878
879 if (ret != 0) {
880 TEST_EQUAL(res, ret);
881 } else {
882 TEST_ASSERT(res != -1);
883 TEST_ASSERT(res != -2);
884 TEST_EQUAL(strcmp(buf, result_str), 0);
885 }
886exit:
887 mbedtls_x509_crt_free(&crt);
888 USE_PSA_DONE();
889}
890/* END_CASE */
891
892/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
893void mbedtls_x509_dn_gets(char *crt_file, char *entity, char *result_str)
894{
895 mbedtls_x509_crt crt;
896 char buf[2000];
897 int res = 0;
898
899 mbedtls_x509_crt_init(&crt);
900 USE_PSA_INIT();
901
902 memset(buf, 0, 2000);
903
904 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
905 if (strcmp(entity, "subject") == 0) {
906 res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject);
907 } else if (strcmp(entity, "issuer") == 0) {
908 res = mbedtls_x509_dn_gets(buf, 2000, &crt.issuer);
909 } else {
910 TEST_FAIL("Unknown entity");
911 }
912
913 TEST_ASSERT(res != -1);
914 TEST_ASSERT(res != -2);
915
916 TEST_EQUAL(strcmp(buf, result_str), 0);
917
918exit:
919 mbedtls_x509_crt_free(&crt);
920 USE_PSA_DONE();
921}
922/* END_CASE */
923
924/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
925void mbedtls_x509_get_name(char *rdn_sequence, int exp_ret)
926{
927 unsigned char *name = NULL;
928 unsigned char *p;
929 size_t name_len;
930 mbedtls_x509_name head;
931 int ret;
932
933 USE_PSA_INIT();
934 memset(&head, 0, sizeof(head));
935
936 name = mbedtls_test_unhexify_alloc(rdn_sequence, &name_len);
937 p = name;
938
939 ret = mbedtls_x509_get_name(&p, (name + name_len), &head);
940 if (ret == 0) {
941 mbedtls_asn1_free_named_data_list_shallow(head.next);
942 }
943
944 TEST_EQUAL(ret, exp_ret);
945
946exit:
947 mbedtls_free(name);
948 USE_PSA_DONE();
949}
950/* END_CASE */
951
952/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
953void mbedtls_x509_dn_get_next(char *name_str,
954 int next_merged,
955 char *expected_oids,
956 int exp_count,
957 char *exp_dn_gets)
958{
959 int ret = 0, i;
960 size_t len = 0, out_size;
961 mbedtls_asn1_named_data *names = NULL;
962 mbedtls_x509_name parsed;
963 memset(&parsed, 0, sizeof(parsed));
964 mbedtls_x509_name *parsed_cur;
965 // Size of buf is maximum required for test cases
966 unsigned char buf[80] = { 0 };
967 unsigned char *out = NULL;
968 unsigned char *c = buf + sizeof(buf);
969 const char *short_name;
970
971 USE_PSA_INIT();
972
973 // Additional size required for trailing space
974 out_size = strlen(expected_oids) + 2;
975 TEST_CALLOC(out, out_size);
976
977 TEST_EQUAL(mbedtls_x509_string_to_names(&names, name_str), 0);
978
979 ret = mbedtls_x509_write_names(&c, buf, names);
980 TEST_LE_S(0, ret);
981
982 TEST_EQUAL(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len,
983 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE), 0);
984 TEST_EQUAL(mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed), 0);
985
986 // Iterate over names and set next_merged nodes
987 parsed_cur = &parsed;
988 for (; next_merged != 0 && parsed_cur != NULL; next_merged = next_merged >> 1) {
989 parsed_cur->next_merged = next_merged & 0x01;
990 parsed_cur = parsed_cur->next;
991 }
992
993 // Iterate over RDN nodes and print OID of first element to buffer
994 parsed_cur = &parsed;
995 len = 0;
996 for (i = 0; parsed_cur != NULL; i++) {
997 TEST_EQUAL(mbedtls_oid_get_attr_short_name(&parsed_cur->oid,
998 &short_name), 0);
999 len += mbedtls_snprintf((char *) out + len, out_size - len, "%s ", short_name);
1000 parsed_cur = mbedtls_x509_dn_get_next(parsed_cur);
1001 }
1002 out[len-1] = 0;
1003
1004 TEST_EQUAL(exp_count, i);
1005 TEST_EQUAL(strcmp((char *) out, expected_oids), 0);
1006 mbedtls_free(out);
1007 out = NULL;
1008
1009 out_size = strlen(exp_dn_gets) + 1;
1010 TEST_CALLOC(out, out_size);
1011
1012 TEST_LE_S(0, mbedtls_x509_dn_gets((char *) out, out_size, &parsed));
1013 TEST_EQUAL(strcmp((char *) out, exp_dn_gets), 0);
1014exit:
1015 mbedtls_free(out);
1016 mbedtls_asn1_free_named_data_list(&names);
1017 mbedtls_asn1_free_named_data_list_shallow(parsed.next);
1018 USE_PSA_DONE();
1019}
1020/* END_CASE */
1021
1022/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
1023void mbedtls_x509_time_is_past(char *crt_file, char *entity, int result)
1024{
1025 mbedtls_x509_crt crt;
1026
1027 mbedtls_x509_crt_init(&crt);
1028 USE_PSA_INIT();
1029
1030 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
1031
1032 if (strcmp(entity, "valid_from") == 0) {
1033 TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_from), result);
1034 } else if (strcmp(entity, "valid_to") == 0) {
1035 TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_to), result);
1036 } else {
1037 TEST_FAIL("Unknown entity");
1038 }
1039
1040exit:
1041 mbedtls_x509_crt_free(&crt);
1042 USE_PSA_DONE();
1043}
1044/* END_CASE */
1045
1046/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
1047void mbedtls_x509_time_is_future(char *crt_file, char *entity, int result)
1048{
1049 mbedtls_x509_crt crt;
1050
1051 mbedtls_x509_crt_init(&crt);
1052 USE_PSA_INIT();
1053
1054 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
1055
1056 if (strcmp(entity, "valid_from") == 0) {
1057 TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_from), result);
1058 } else if (strcmp(entity, "valid_to") == 0) {
1059 TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_to), result);
1060 } else {
1061 TEST_FAIL("Unknown entity");
1062 }
1063
1064exit:
1065 mbedtls_x509_crt_free(&crt);
1066 USE_PSA_DONE();
1067}
1068/* END_CASE */
1069
1070/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
1071void x509parse_crt_file(char *crt_file, int result)
1072{
1073 mbedtls_x509_crt crt;
1074
1075 mbedtls_x509_crt_init(&crt);
1076 USE_PSA_INIT();
1077
1078 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), result);
1079
1080exit:
1081 mbedtls_x509_crt_free(&crt);
1082 USE_PSA_DONE();
1083}
1084/* END_CASE */
1085
1086/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
1087void mbedtls_x509_get_ca_istrue(char *crt_file, int result)
1088{
1089 mbedtls_x509_crt crt;
1090 mbedtls_x509_crt_init(&crt);
1091 USE_PSA_INIT();
1092
1093 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
1094 TEST_EQUAL(mbedtls_x509_crt_get_ca_istrue(&crt), result);
1095exit:
1096 mbedtls_x509_crt_free(&crt);
1097 USE_PSA_DONE();
1098}
1099/* END_CASE */
1100
1101/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
1102void x509parse_crt(data_t *buf, char *result_str, int result)
1103{
1104 mbedtls_x509_crt crt;
1105#if !defined(MBEDTLS_X509_REMOVE_INFO)
1106 unsigned char output[2000] = { 0 };
1107 int res;
1108#else
1109 ((void) result_str);
1110#endif
1111
1112 mbedtls_x509_crt_init(&crt);
1113 USE_PSA_INIT();
1114
1115 TEST_EQUAL(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len), result);
1116#if !defined(MBEDTLS_X509_REMOVE_INFO)
1117 if ((result) == 0) {
1118 res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
1119 TEST_ASSERT(res != -1);
1120 TEST_ASSERT(res != -2);
1121
1122 TEST_EQUAL(strcmp((char *) output, result_str), 0);
1123 }
1124 memset(output, 0, 2000);
1125#endif
1126
1127 mbedtls_x509_crt_free(&crt);
1128 mbedtls_x509_crt_init(&crt);
1129
1130 TEST_EQUAL(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len), result);
1131#if !defined(MBEDTLS_X509_REMOVE_INFO)
1132 if ((result) == 0) {
1133 memset(output, 0, 2000);
1134
1135 res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
1136
1137 TEST_ASSERT(res != -1);
1138 TEST_ASSERT(res != -2);
1139
1140 TEST_EQUAL(strcmp((char *) output, result_str), 0);
1141 }
1142 memset(output, 0, 2000);
1143#endif /* !MBEDTLS_X509_REMOVE_INFO */
1144
1145 mbedtls_x509_crt_free(&crt);
1146 mbedtls_x509_crt_init(&crt);
1147
1148 TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL),
1149 result);
1150#if !defined(MBEDTLS_X509_REMOVE_INFO)
1151 if ((result) == 0) {
1152 res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
1153
1154 TEST_ASSERT(res != -1);
1155 TEST_ASSERT(res != -2);
1156
1157 TEST_EQUAL(strcmp((char *) output, result_str), 0);
1158 }
1159 memset(output, 0, 2000);
1160#endif /* !MBEDTLS_X509_REMOVE_INFO */
1161
1162 mbedtls_x509_crt_free(&crt);
1163 mbedtls_x509_crt_init(&crt);
1164
1165 TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL),
1166 result);
1167#if !defined(MBEDTLS_X509_REMOVE_INFO)
1168 if ((result) == 0) {
1169 res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
1170
1171 TEST_ASSERT(res != -1);
1172 TEST_ASSERT(res != -2);
1173
1174 TEST_EQUAL(strcmp((char *) output, result_str), 0);
1175 }
1176#endif /* !MBEDTLS_X509_REMOVE_INFO */
1177
1178exit:
1179 mbedtls_x509_crt_free(&crt);
1180 USE_PSA_DONE();
1181}
1182/* END_CASE */
1183
1184/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
1185void x509parse_crt_cb(data_t *buf, char *result_str, int result)
1186{
1187 mbedtls_x509_crt crt;
1188 mbedtls_x509_buf oid;
1189
1190#if !defined(MBEDTLS_X509_REMOVE_INFO)
1191 unsigned char output[2000] = { 0 };
1192 int res;
1193#else
1194 ((void) result_str);
1195#endif
1196
1197 oid.tag = MBEDTLS_ASN1_OID;
1198 oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKIX "\x01\x1F");
1199 oid.p = (unsigned char *) MBEDTLS_OID_PKIX "\x01\x1F";
1200
1201 mbedtls_x509_crt_init(&crt);
1202 USE_PSA_INIT();
1203
1204 TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb,
1205 &oid), result);
1206#if !defined(MBEDTLS_X509_REMOVE_INFO)
1207 if ((result) == 0) {
1208 res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
1209
1210 TEST_ASSERT(res != -1);
1211 TEST_ASSERT(res != -2);
1212
1213 TEST_EQUAL(strcmp((char *) output, result_str), 0);
1214 }
1215 memset(output, 0, 2000);
1216#endif /* !MBEDTLS_X509_REMOVE_INFO */
1217
1218 mbedtls_x509_crt_free(&crt);
1219 mbedtls_x509_crt_init(&crt);
1220
1221 TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb,
1222 &oid), (result));
1223#if !defined(MBEDTLS_X509_REMOVE_INFO)
1224 if ((result) == 0) {
1225 res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
1226
1227 TEST_ASSERT(res != -1);
1228 TEST_ASSERT(res != -2);
1229
1230 TEST_EQUAL(strcmp((char *) output, result_str), 0);
1231 }
1232#endif /* !MBEDTLS_X509_REMOVE_INFO */
1233
1234exit:
1235 mbedtls_x509_crt_free(&crt);
1236 USE_PSA_DONE();
1237}
1238/* END_CASE */
1239
1240/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
1241void x509parse_crl(data_t *buf, char *result_str, int result)
1242{
1243 mbedtls_x509_crl crl;
1244 unsigned char output[2000];
1245 int res;
1246
1247 mbedtls_x509_crl_init(&crl);
1248 USE_PSA_INIT();
1249
1250 memset(output, 0, 2000);
1251
1252
1253 TEST_EQUAL(mbedtls_x509_crl_parse(&crl, buf->x, buf->len), (result));
1254 if ((result) == 0) {
1255 res = mbedtls_x509_crl_info((char *) output, 2000, "", &crl);
1256
1257 TEST_ASSERT(res != -1);
1258 TEST_ASSERT(res != -2);
1259
1260 TEST_EQUAL(strcmp((char *) output, result_str), 0);
1261 }
1262
1263exit:
1264 mbedtls_x509_crl_free(&crl);
1265 USE_PSA_DONE();
1266}
1267/* END_CASE */
1268
1269/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
1270void mbedtls_x509_csr_parse(data_t *csr_der, char *ref_out, int ref_ret)
1271{
1272 mbedtls_x509_csr csr;
1273 char my_out[1000];
1274 int my_ret;
1275
1276 mbedtls_x509_csr_init(&csr);
1277 USE_PSA_INIT();
1278
1279 memset(my_out, 0, sizeof(my_out));
1280
1281 my_ret = mbedtls_x509_csr_parse_der(&csr, csr_der->x, csr_der->len);
1282 TEST_EQUAL(my_ret, ref_ret);
1283
1284 if (ref_ret == 0) {
1285 size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
1286 TEST_EQUAL(my_out_len, strlen(ref_out));
1287 TEST_EQUAL(strcmp(my_out, ref_out), 0);
1288 }
1289
1290exit:
1291 mbedtls_x509_csr_free(&csr);
1292 USE_PSA_DONE();
1293}
1294/* END_CASE */
1295
1296/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
1297void mbedtls_x509_csr_parse_with_ext_cb(data_t *csr_der, char *ref_out, int ref_ret, int accept)
1298{
1299 mbedtls_x509_csr csr;
1300 char my_out[1000];
1301 int my_ret;
1302
1303 mbedtls_x509_csr_init(&csr);
1304 USE_PSA_INIT();
1305
1306 memset(my_out, 0, sizeof(my_out));
1307
1308 my_ret = mbedtls_x509_csr_parse_der_with_ext_cb(&csr, csr_der->x, csr_der->len,
1309 accept ? parse_csr_ext_accept_cb :
1310 parse_csr_ext_reject_cb,
1311 NULL);
1312 TEST_EQUAL(my_ret, ref_ret);
1313
1314 if (ref_ret == 0) {
1315 size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
1316 TEST_EQUAL(my_out_len, strlen(ref_out));
1317 TEST_EQUAL(strcmp(my_out, ref_out), 0);
1318 }
1319
1320exit:
1321 mbedtls_x509_csr_free(&csr);
1322 USE_PSA_DONE();
1323}
1324/* END_CASE */
1325
1326/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
1327void mbedtls_x509_csr_parse_file(char *csr_file, char *ref_out, int ref_ret)
1328{
1329 mbedtls_x509_csr csr;
1330 char my_out[1000];
1331 int my_ret;
1332
1333 mbedtls_x509_csr_init(&csr);
1334 USE_PSA_INIT();
1335
1336 memset(my_out, 0, sizeof(my_out));
1337
1338 my_ret = mbedtls_x509_csr_parse_file(&csr, csr_file);
1339 TEST_EQUAL(my_ret, ref_ret);
1340
1341 if (ref_ret == 0) {
1342 size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
1343 TEST_EQUAL(my_out_len, strlen(ref_out));
1344 TEST_EQUAL(strcmp(my_out, ref_out), 0);
1345 }
1346
1347exit:
1348 mbedtls_x509_csr_free(&csr);
1349 USE_PSA_DONE();
1350}
1351/* END_CASE */
1352
1353/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
1354void mbedtls_x509_crt_parse_file(char *crt_path, int ret, int nb_crt)
1355{
1356 mbedtls_x509_crt chain, *cur;
1357 int i;
1358
1359 mbedtls_x509_crt_init(&chain);
1360 USE_PSA_INIT();
1361
1362 TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, crt_path), ret);
1363
1364 /* Check how many certs we got */
1365 for (i = 0, cur = &chain; cur != NULL; cur = cur->next) {
1366 if (cur->raw.p != NULL) {
1367 i++;
1368 }
1369 }
1370
1371 TEST_EQUAL(i, nb_crt);
1372
1373exit:
1374 mbedtls_x509_crt_free(&chain);
1375 USE_PSA_DONE();
1376}
1377/* END_CASE */
1378
1379/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
1380void mbedtls_x509_crt_parse_path(char *crt_path, int ret, int nb_crt)
1381{
1382 mbedtls_x509_crt chain, *cur;
1383 int i;
1384
1385 mbedtls_x509_crt_init(&chain);
1386 USE_PSA_INIT();
1387
1388 TEST_EQUAL(mbedtls_x509_crt_parse_path(&chain, crt_path), ret);
1389
1390 /* Check how many certs we got */
1391 for (i = 0, cur = &chain; cur != NULL; cur = cur->next) {
1392 if (cur->raw.p != NULL) {
1393 i++;
1394 }
1395 }
1396
1397 TEST_EQUAL(i, nb_crt);
1398
1399exit:
1400 mbedtls_x509_crt_free(&chain);
1401 USE_PSA_DONE();
1402}
1403/* END_CASE */
1404
1405/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
1406void mbedtls_x509_crt_verify_max(char *ca_file, char *chain_dir, int nb_int,
1407 int ret_chk, int flags_chk)
1408{
1409 char file_buf[128];
1410 int ret;
1411 uint32_t flags;
1412 mbedtls_x509_crt trusted, chain;
1413
1414 /*
1415 * We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
1416 * with NN.crt signed by NN-1.crt
1417 */
1418 mbedtls_x509_crt_init(&trusted);
1419 mbedtls_x509_crt_init(&chain);
1420 MD_OR_USE_PSA_INIT();
1421
1422 /* Load trusted root */
1423 TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, ca_file), 0);
1424
1425 /* Load a chain with nb_int intermediates (from 01 to nb_int),
1426 * plus one "end-entity" cert (nb_int + 1) */
1427 ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir,
1428 nb_int + 1);
1429 TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf));
1430 TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, file_buf), 0);
1431
1432 /* Try to verify that chain */
1433 ret = mbedtls_x509_crt_verify(&chain, &trusted, NULL, NULL, &flags,
1434 NULL, NULL);
1435 TEST_EQUAL(ret, ret_chk);
1436 TEST_EQUAL(flags, (uint32_t) flags_chk);
1437
1438exit:
1439 mbedtls_x509_crt_free(&chain);
1440 mbedtls_x509_crt_free(&trusted);
1441 MD_OR_USE_PSA_DONE();
1442}
1443/* END_CASE */
1444
1445/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
1446void mbedtls_x509_crt_verify_chain(char *chain_paths, char *trusted_ca,
1447 int flags_result, int result,
1448 char *profile_name, int vrfy_fatal_lvls)
1449{
1450 char *act;
1451 uint32_t flags;
1452 int res;
1453 mbedtls_x509_crt trusted, chain;
1454 const mbedtls_x509_crt_profile *profile = NULL;
1455
1456 mbedtls_x509_crt_init(&chain);
1457 mbedtls_x509_crt_init(&trusted);
1458 MD_OR_USE_PSA_INIT();
1459
1460 while ((act = mystrsep(&chain_paths, " ")) != NULL) {
1461 TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, act), 0);
1462 }
1463 TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, trusted_ca), 0);
1464
1465 if (strcmp(profile_name, "") == 0) {
1466 profile = &mbedtls_x509_crt_profile_default;
1467 } else if (strcmp(profile_name, "next") == 0) {
1468 profile = &mbedtls_x509_crt_profile_next;
1469 } else if (strcmp(profile_name, "suiteb") == 0) {
1470 profile = &mbedtls_x509_crt_profile_suiteb;
1471 } else if (strcmp(profile_name, "rsa3072") == 0) {
1472 profile = &profile_rsa3072;
1473 } else if (strcmp(profile_name, "sha512") == 0) {
1474 profile = &profile_sha512;
1475 }
1476
1477 res = mbedtls_x509_crt_verify_with_profile(&chain, &trusted, NULL, profile,
1478 NULL, &flags, verify_fatal, &vrfy_fatal_lvls);
1479
1480 TEST_EQUAL(res, (result));
1481 TEST_EQUAL(flags, (uint32_t) (flags_result));
1482
1483exit:
1484 mbedtls_x509_crt_free(&trusted);
1485 mbedtls_x509_crt_free(&chain);
1486 MD_OR_USE_PSA_DONE();
1487}
1488/* END_CASE */
1489
1490/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C:!MBEDTLS_X509_REMOVE_INFO */
1491void x509_oid_desc(data_t *buf, char *ref_desc)
1492{
1493 mbedtls_x509_buf oid;
1494 const char *desc = NULL;
1495 int ret;
1496
1497 USE_PSA_INIT();
1498
1499 oid.tag = MBEDTLS_ASN1_OID;
1500 oid.p = buf->x;
1501 oid.len = buf->len;
1502
1503 ret = mbedtls_oid_get_extended_key_usage(&oid, &desc);
1504
1505 if (strcmp(ref_desc, "notfound") == 0) {
1506 TEST_ASSERT(ret != 0);
1507 TEST_ASSERT(desc == NULL);
1508 } else {
1509 TEST_EQUAL(ret, 0);
1510 TEST_ASSERT(desc != NULL);
1511 TEST_EQUAL(strcmp(desc, ref_desc), 0);
1512 }
1513
1514exit:
1515 USE_PSA_DONE();
1516}
1517/* END_CASE */
1518
1519/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
1520void x509_oid_numstr(data_t *oid_buf, char *numstr, int blen, int ret)
1521{
1522 mbedtls_x509_buf oid;
1523 char num_buf[100];
1524
1525 USE_PSA_INIT();
1526
1527 memset(num_buf, 0x2a, sizeof(num_buf));
1528
1529 oid.tag = MBEDTLS_ASN1_OID;
1530 oid.p = oid_buf->x;
1531 oid.len = oid_buf->len;
1532
1533 TEST_ASSERT((size_t) blen <= sizeof(num_buf));
1534
1535 TEST_EQUAL(mbedtls_oid_get_numeric_string(num_buf, blen, &oid), ret);
1536
1537 if (ret >= 0) {
1538 TEST_EQUAL(num_buf[ret], 0);
1539 TEST_EQUAL(strcmp(num_buf, numstr), 0);
1540 }
1541
1542exit:
1543 USE_PSA_DONE();
1544}
1545/* END_CASE */
1546
1547/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
1548void x509_check_key_usage(char *crt_file, int usage, int ret)
1549{
1550 mbedtls_x509_crt crt;
1551
1552 mbedtls_x509_crt_init(&crt);
1553 USE_PSA_INIT();
1554
1555 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
1556
1557 TEST_EQUAL(mbedtls_x509_crt_check_key_usage(&crt, usage), ret);
1558
1559exit:
1560 mbedtls_x509_crt_free(&crt);
1561 USE_PSA_DONE();
1562}
1563/* END_CASE */
1564
1565/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
1566void x509_check_extended_key_usage(char *crt_file, data_t *oid, int ret
1567 )
1568{
1569 mbedtls_x509_crt crt;
1570
1571 mbedtls_x509_crt_init(&crt);
1572 USE_PSA_INIT();
1573
1574 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
1575
1576 TEST_EQUAL(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x, oid->len),
1577 ret);
1578
1579exit:
1580 mbedtls_x509_crt_free(&crt);
1581 USE_PSA_DONE();
1582}
1583/* END_CASE */
1584
1585/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
1586void x509_get_time(int tag, char *time_str, int ret, int year, int mon,
1587 int day, int hour, int min, int sec)
1588{
1589 mbedtls_x509_time time;
1590 unsigned char buf[21];
1591 unsigned char *start = buf;
1592 unsigned char *end = buf;
1593
1594 USE_PSA_INIT();
1595 memset(&time, 0x00, sizeof(time));
1596 *end = (unsigned char) tag; end++;
1597 *end = strlen(time_str);
1598 TEST_ASSERT(*end < 20);
1599 end++;
1600 memcpy(end, time_str, (size_t) *(end - 1));
1601 end += *(end - 1);
1602
1603 TEST_EQUAL(mbedtls_x509_get_time(&start, end, &time), ret);
1604 if (ret == 0) {
1605 TEST_EQUAL(year, time.year);
1606 TEST_EQUAL(mon, time.mon);
1607 TEST_EQUAL(day, time.day);
1608 TEST_EQUAL(hour, time.hour);
1609 TEST_EQUAL(min, time.min);
1610 TEST_EQUAL(sec, time.sec);
1611 }
1612exit:
1613 USE_PSA_DONE();
1614}
1615/* END_CASE */
1616
1617/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
1618void x509_parse_rsassa_pss_params(data_t *params, int params_tag,
1619 int ref_msg_md, int ref_mgf_md,
1620 int ref_salt_len, int ref_ret)
1621{
1622 int my_ret;
1623 mbedtls_x509_buf buf;
1624 mbedtls_md_type_t my_msg_md, my_mgf_md;
1625 int my_salt_len;
1626
1627 USE_PSA_INIT();
1628
1629 buf.p = params->x;
1630 buf.len = params->len;
1631 buf.tag = params_tag;
1632
1633 my_ret = mbedtls_x509_get_rsassa_pss_params(&buf, &my_msg_md, &my_mgf_md,
1634 &my_salt_len);
1635
1636 TEST_EQUAL(my_ret, ref_ret);
1637
1638 if (ref_ret == 0) {
1639 TEST_EQUAL(my_msg_md, (mbedtls_md_type_t) ref_msg_md);
1640 TEST_EQUAL(my_mgf_md, (mbedtls_md_type_t) ref_mgf_md);
1641 TEST_EQUAL(my_salt_len, ref_salt_len);
1642 }
1643
1644exit:
1645 USE_PSA_DONE();
1646}
1647/* END_CASE */
1648
1649/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
1650void x509_crt_parse_subjectkeyid(char *file, data_t *subjectKeyId, int ref_ret)
1651{
1652 mbedtls_x509_crt crt;
1653
1654 mbedtls_x509_crt_init(&crt);
1655
1656 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret);
1657
1658 if (ref_ret == 0) {
1659 TEST_EQUAL(crt.subject_key_id.tag, MBEDTLS_ASN1_OCTET_STRING);
1660 TEST_EQUAL(memcmp(crt.subject_key_id.p, subjectKeyId->x, subjectKeyId->len), 0);
1661 TEST_EQUAL(crt.subject_key_id.len, subjectKeyId->len);
1662 } else {
1663 TEST_EQUAL(crt.subject_key_id.tag, 0);
1664 TEST_EQUAL(crt.subject_key_id.len, 0);
1665 }
1666
1667exit:
1668 mbedtls_x509_crt_free(&crt);
1669}
1670/* END_CASE */
1671
1672/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
1673void x509_crt_parse_authoritykeyid(char *file,
1674 data_t *keyId,
1675 char *authorityKeyId_issuer,
1676 data_t *serial,
1677 int ref_ret)
1678{
1679 mbedtls_x509_crt crt;
1680 mbedtls_x509_subject_alternative_name san;
1681 char name_buf[128];
1682
1683 mbedtls_x509_crt_init(&crt);
1684
1685 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret);
1686
1687 if (ref_ret == 0) {
1688 /* KeyId test */
1689 if (keyId->len > 0) {
1690 TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, MBEDTLS_ASN1_OCTET_STRING);
1691 TEST_EQUAL(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len), 0);
1692 TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, keyId->len);
1693 } else {
1694 TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, 0);
1695 TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, 0);
1696 }
1697
1698
1699 /* Issuer test */
1700 if (strlen(authorityKeyId_issuer) > 0) {
1701 mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer;
1702
1703 TEST_EQUAL(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san), 0);
1704
1705 TEST_ASSERT(mbedtls_x509_dn_gets(name_buf, sizeof(name_buf),
1706 &san.san.directory_name)
1707 > 0);
1708 TEST_EQUAL(strcmp(name_buf, authorityKeyId_issuer), 0);
1709
1710 mbedtls_x509_free_subject_alt_name(&san);
1711 }
1712
1713 /* Serial test */
1714 if (serial->len > 0) {
1715 TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag,
1716 MBEDTLS_ASN1_INTEGER);
1717 TEST_EQUAL(memcmp(crt.authority_key_id.authorityCertSerialNumber.p,
1718 serial->x, serial->len), 0);
1719 TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, serial->len);
1720 } else {
1721 TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, 0);
1722 TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, 0);
1723 }
1724
1725 } else {
1726 TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, 0);
1727 TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, 0);
1728
1729 TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, 0);
1730 TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, 0);
1731 }
1732
1733exit:
1734 mbedtls_x509_crt_free(&crt);
1735}
1736/* END_CASE */