aboutsummaryrefslogtreecommitdiff
path: root/tests/suites/test_suite_x509parse.function
diff options
context:
space:
mode:
Diffstat (limited to 'tests/suites/test_suite_x509parse.function')
-rw-r--r--tests/suites/test_suite_x509parse.function1401
1 files changed, 1401 insertions, 0 deletions
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
new file mode 100644
index 000000000..2585720ed
--- /dev/null
+++ b/tests/suites/test_suite_x509parse.function
@@ -0,0 +1,1401 @@
+/* BEGIN_HEADER */
+#include "mbedtls/bignum.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/x509_crl.h"
+#include "mbedtls/x509_csr.h"
+#include "mbedtls/pem.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/base64.h"
+#include "mbedtls/error.h"
+#include "string.h"
+
+#include "mbedtls/legacy_or_psa.h"
+
+#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
+#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
+than the current threshold 19. To test larger values, please \
+adapt the script tests/data_files/dir-max/long.sh."
+#endif
+
+/* Test-only profile allowing all digests, PK algorithms, and curves. */
+const mbedtls_x509_crt_profile profile_all =
+{
+ 0xFFFFFFFF, /* Any MD */
+ 0xFFFFFFFF, /* Any PK alg */
+ 0xFFFFFFFF, /* Any curve */
+ 1024,
+};
+
+/* Profile for backward compatibility. Allows SHA-1, unlike the default
+ profile. */
+const mbedtls_x509_crt_profile compat_profile =
+{
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+ 0xFFFFFFFF, /* Any PK alg */
+ 0xFFFFFFFF, /* Any curve */
+ 1024,
+};
+
+const mbedtls_x509_crt_profile profile_rsa3072 =
+{
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ),
+ 0,
+ 3072,
+};
+
+const mbedtls_x509_crt_profile profile_sha512 =
+{
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+ 0xFFFFFFFF, /* Any PK alg */
+ 0xFFFFFFFF, /* Any curve */
+ 1024,
+};
+
+int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
+{
+ ((void) data);
+ ((void) crt);
+ ((void) certificate_depth);
+ *flags |= MBEDTLS_X509_BADCERT_OTHER;
+
+ return 0;
+}
+
+int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
+{
+ ((void) data);
+ ((void) crt);
+ ((void) certificate_depth);
+ *flags = 0;
+
+ return 0;
+}
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+int ca_callback_fail( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates )
+{
+ ((void) data);
+ ((void) child);
+ ((void) candidates);
+
+ return -1;
+}
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+int ca_callback( void *data, mbedtls_x509_crt const *child,
+ mbedtls_x509_crt **candidates )
+{
+ int ret = 0;
+ mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
+ mbedtls_x509_crt *first;
+
+ /* This is a test-only implementation of the CA callback
+ * which always returns the entire list of trusted certificates.
+ * Production implementations managing a large number of CAs
+ * should use an efficient presentation and lookup for the
+ * set of trusted certificates (such as a hashtable) and only
+ * return those trusted certificates which satisfy basic
+ * parental checks, such as the matching of child `Issuer`
+ * and parent `Subject` field. */
+ ((void) child);
+
+ first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+ if( first == NULL )
+ {
+ ret = -1;
+ goto exit;
+ }
+ mbedtls_x509_crt_init( first );
+
+ if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
+ {
+ ret = -1;
+ goto exit;
+ }
+
+ while( ca->next != NULL )
+ {
+ ca = ca->next;
+ if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
+ {
+ ret = -1;
+ goto exit;
+ }
+ }
+
+exit:
+
+ if( ret != 0 )
+ {
+ mbedtls_x509_crt_free( first );
+ mbedtls_free( first );
+ first = NULL;
+ }
+
+ *candidates = first;
+ return( ret );
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
+int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
+{
+ int *levels = (int *) data;
+
+ ((void) crt);
+ ((void) certificate_depth);
+
+ /* Simulate a fatal error in the callback */
+ if( *levels & ( 1 << certificate_depth ) )
+ {
+ *flags |= ( 1 << certificate_depth );
+ return( -1 - certificate_depth );
+ }
+
+ return( 0 );
+}
+
+/* strsep() not available on Windows */
+char *mystrsep(char **stringp, const char *delim)
+{
+ const char *p;
+ char *ret = *stringp;
+
+ if( *stringp == NULL )
+ return( NULL );
+
+ for( ; ; (*stringp)++ )
+ {
+ if( **stringp == '\0' )
+ {
+ *stringp = NULL;
+ goto done;
+ }
+
+ for( p = delim; *p != '\0'; p++ )
+ if( **stringp == *p )
+ {
+ **stringp = '\0';
+ (*stringp)++;
+ goto done;
+ }
+ }
+
+done:
+ return( ret );
+}
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+typedef struct {
+ char buf[512];
+ char *p;
+} verify_print_context;
+
+void verify_print_init( verify_print_context *ctx )
+{
+ memset( ctx, 0, sizeof( verify_print_context ) );
+ ctx->p = ctx->buf;
+}
+
+int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
+{
+ int ret;
+ verify_print_context *ctx = (verify_print_context *) data;
+ char *p = ctx->p;
+ size_t n = ctx->buf + sizeof( ctx->buf ) - ctx->p;
+ ((void) flags);
+
+ ret = mbedtls_snprintf( p, n, "depth %d - serial ", certificate_depth );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ ret = mbedtls_snprintf( p, n, " - subject " );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ ret = mbedtls_snprintf( p, n, " - flags 0x%08x\n", *flags );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ ctx->p = p;
+
+ return( 0 );
+}
+
+int verify_parse_san( mbedtls_x509_subject_alternative_name *san,
+ char **buf, size_t *size )
+{
+ int ret;
+ size_t i;
+ char *p = *buf;
+ size_t n = *size;
+
+ ret = mbedtls_snprintf( p, n, "type : %d", san->type );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ switch( san->type )
+ {
+ case( MBEDTLS_X509_SAN_OTHER_NAME ):
+ ret = mbedtls_snprintf( p, n, "\notherName :");
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
+ &san->san.other_name.value.hardware_module_name.oid ) != 0 )
+ {
+ ret = mbedtls_snprintf( p, n, " hardware module name :" );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ ret = mbedtls_snprintf( p, n, " hardware type : " );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ ret = mbedtls_oid_get_numeric_string( p, n,
+ &san->san.other_name.value.hardware_module_name.oid );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ for( i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
+ {
+ ret = mbedtls_snprintf( p, n, "%02X", san->san.other_name.value.hardware_module_name.val.p[i] );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ }
+ }
+ break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */
+ case( MBEDTLS_X509_SAN_DNS_NAME ):
+ ret = mbedtls_snprintf( p, n, "\ndNSName : " );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ if( san->san.unstructured_name.len >= n )
+ {
+ *p = '\0';
+ return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+ }
+ n -= san->san.unstructured_name.len;
+ for( i = 0; i < san->san.unstructured_name.len; i++ )
+ *p++ = san->san.unstructured_name.p[i];
+ break;/* MBEDTLS_X509_SAN_DNS_NAME */
+
+ default:
+ /*
+ * Should not happen.
+ */
+ return( -1 );
+ }
+ ret = mbedtls_snprintf( p, n, "\n" );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ *size = n;
+ *buf = p;
+
+ return( 0 );
+}
+
+int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid,
+ int critical, const unsigned char *cp, const unsigned char *end )
+{
+ ( void ) crt;
+ ( void ) critical;
+ mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *)p_ctx;
+ if( oid->tag == MBEDTLS_ASN1_OID &&
+ MBEDTLS_OID_CMP( MBEDTLS_OID_CERTIFICATE_POLICIES, oid ) == 0 )
+ {
+ /* Handle unknown certificate policy */
+ int ret, parse_ret = 0;
+ size_t len;
+ unsigned char **p = (unsigned char **)&cp;
+
+ /* Get main sequence tag */
+ ret = mbedtls_asn1_get_tag( p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
+ if( ret != 0 )
+ return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+
+ if( *p + len != end )
+ return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+
+ /*
+ * Cannot be an empty sequence.
+ */
+ if( len == 0 )
+ return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+
+ while( *p < end )
+ {
+ const unsigned char *policy_end;
+
+ /*
+ * Get the policy sequence
+ */
+ if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+ return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+
+ policy_end = *p + len;
+
+ if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
+ MBEDTLS_ASN1_OID ) ) != 0 )
+ return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+
+ /*
+ * Recognize exclusively the policy with OID 1
+ */
+ if( len != 1 || *p[0] != 1 )
+ parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
+
+ *p += len;
+
+ /*
+ * If there is an optional qualifier, then *p < policy_end
+ * Check the Qualifier len to verify it doesn't exceed policy_end.
+ */
+ if( *p < policy_end )
+ {
+ if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+ return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+ /*
+ * Skip the optional policy qualifiers.
+ */
+ *p += len;
+ }
+
+ if( *p != policy_end )
+ return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+ }
+
+ if( *p != end )
+ return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+
+ return( parse_ret );
+ }
+ else if( new_oid != NULL && new_oid->tag == oid->tag && new_oid->len == oid->len &&
+ memcmp( new_oid->p, oid->p, oid->len ) == 0 )
+ return( 0 );
+ else
+ return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_BIGNUM_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
+void x509_accessor_ext_types( int ext_type, int has_ext_type )
+{
+ mbedtls_x509_crt crt;
+ int expected_result = ext_type & has_ext_type;
+
+ mbedtls_x509_crt_init( &crt );
+
+ crt.ext_types = ext_type;
+
+ TEST_ASSERT( mbedtls_x509_crt_has_ext_type( &crt, has_ext_type ) == expected_result );
+
+ mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+void x509_parse_san( char * crt_file, char * result_str )
+{
+ int ret;
+ mbedtls_x509_crt crt;
+ mbedtls_x509_subject_alternative_name san;
+ mbedtls_x509_sequence *cur = NULL;
+ char buf[2000];
+ char *p = buf;
+ size_t n = sizeof( buf );
+
+ mbedtls_x509_crt_init( &crt );
+ memset( buf, 0, 2000 );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+
+ if( crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
+ {
+ cur = &crt.subject_alt_names;
+ while( cur != NULL )
+ {
+ ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san );
+ TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+ /*
+ * If san type not supported, ignore.
+ */
+ if( ret == 0)
+ TEST_ASSERT( verify_parse_san( &san, &p, &n ) == 0 );
+ cur = cur->next;
+ }
+ }
+
+ TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+
+exit:
+
+ mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_X509_CRT_PARSE_C */
+void x509_cert_info( char * crt_file, char * result_str )
+{
+ mbedtls_x509_crt crt;
+ char buf[2000];
+ int res;
+
+ mbedtls_x509_crt_init( &crt );
+ memset( buf, 0, 2000 );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ res = mbedtls_x509_crt_info( buf, 2000, "", &crt );
+
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+
+exit:
+ mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
+void mbedtls_x509_crl_info( char * crl_file, char * result_str )
+{
+ mbedtls_x509_crl crl;
+ char buf[2000];
+ int res;
+
+ mbedtls_x509_crl_init( &crl );
+ memset( buf, 0, 2000 );
+
+ TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
+ res = mbedtls_x509_crl_info( buf, 2000, "", &crl );
+
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+
+exit:
+ mbedtls_x509_crl_free( &crl );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
+void mbedtls_x509_crl_parse( char * crl_file, int result )
+{
+ mbedtls_x509_crl crl;
+ char buf[2000];
+
+ mbedtls_x509_crl_init( &crl );
+ memset( buf, 0, 2000 );
+
+ TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == result );
+
+exit:
+ mbedtls_x509_crl_free( &crl );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
+void mbedtls_x509_csr_info( char * csr_file, char * result_str )
+{
+ mbedtls_x509_csr csr;
+ char buf[2000];
+ int res;
+
+ mbedtls_x509_csr_init( &csr );
+ memset( buf, 0, 2000 );
+
+ TEST_ASSERT( mbedtls_x509_csr_parse_file( &csr, csr_file ) == 0 );
+ res = mbedtls_x509_csr_info( buf, 2000, "", &csr );
+
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+
+exit:
+ mbedtls_x509_csr_free( &csr );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
+void x509_verify_info( int flags, char * prefix, char * result_str )
+{
+ char buf[2000];
+ int res;
+
+ memset( buf, 0, sizeof( buf ) );
+
+ res = mbedtls_x509_crt_verify_info( buf, sizeof( buf ), prefix, flags );
+
+ TEST_ASSERT( res >= 0 );
+
+ TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */
+void x509_verify_restart( char *crt_file, char *ca_file,
+ int result, int flags_result,
+ int max_ops, int min_restart, int max_restart )
+{
+ int ret, cnt_restart;
+ mbedtls_x509_crt_restart_ctx rs_ctx;
+ mbedtls_x509_crt crt;
+ mbedtls_x509_crt ca;
+ uint32_t flags = 0;
+
+ /*
+ * See comments on ecp_test_vect_restart() for op count precision.
+ *
+ * For reference, with mbed TLS 2.6 and default settings:
+ * - ecdsa_verify() for P-256: ~ 6700
+ * - ecdsa_verify() for P-384: ~ 18800
+ * - x509_verify() for server5 -> test-ca2: ~ 18800
+ * - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500
+ */
+
+ mbedtls_x509_crt_restart_init( &rs_ctx );
+ mbedtls_x509_crt_init( &crt );
+ mbedtls_x509_crt_init( &ca );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
+
+ mbedtls_ecp_set_max_ops( max_ops );
+
+ cnt_restart = 0;
+ do {
+ ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
+ &mbedtls_x509_crt_profile_default, NULL, &flags,
+ NULL, NULL, &rs_ctx );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+
+ TEST_ASSERT( ret == result );
+ TEST_ASSERT( flags == (uint32_t) flags_result );
+
+ TEST_ASSERT( cnt_restart >= min_restart );
+ TEST_ASSERT( cnt_restart <= max_restart );
+
+ /* Do we leak memory when aborting? */
+ ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
+ &mbedtls_x509_crt_profile_default, NULL, &flags,
+ NULL, NULL, &rs_ctx );
+ TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+
+exit:
+ mbedtls_x509_crt_restart_free( &rs_ctx );
+ mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free( &ca );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
+void x509_verify( char *crt_file, char *ca_file, char *crl_file,
+ char *cn_name_str, int result, int flags_result,
+ char *profile_str,
+ char *verify_callback )
+{
+ mbedtls_x509_crt crt;
+ mbedtls_x509_crt ca;
+ mbedtls_x509_crl crl;
+ uint32_t flags = 0;
+ int res;
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
+ char * cn_name = NULL;
+ const mbedtls_x509_crt_profile *profile;
+
+ mbedtls_x509_crt_init( &crt );
+ mbedtls_x509_crt_init( &ca );
+ mbedtls_x509_crl_init( &crl );
+
+ USE_PSA_INIT( );
+
+ if( strcmp( cn_name_str, "NULL" ) != 0 )
+ cn_name = cn_name_str;
+
+ if( strcmp( profile_str, "" ) == 0 )
+ profile = &mbedtls_x509_crt_profile_default;
+ else if( strcmp( profile_str, "next" ) == 0 )
+ profile = &mbedtls_x509_crt_profile_next;
+ else if( strcmp( profile_str, "suite_b" ) == 0 )
+ profile = &mbedtls_x509_crt_profile_suiteb;
+ else if( strcmp( profile_str, "compat" ) == 0 )
+ profile = &compat_profile;
+ else if( strcmp( profile_str, "all" ) == 0 )
+ profile = &profile_all;
+ else
+ TEST_ASSERT( "Unknown algorithm profile" == 0 );
+
+ if( strcmp( verify_callback, "NULL" ) == 0 )
+ f_vrfy = NULL;
+ else if( strcmp( verify_callback, "verify_none" ) == 0 )
+ f_vrfy = verify_none;
+ else if( strcmp( verify_callback, "verify_all" ) == 0 )
+ f_vrfy = verify_all;
+ else
+ TEST_ASSERT( "No known verify callback selected" == 0 );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
+ TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
+
+ res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL );
+
+ TEST_ASSERT( res == ( result ) );
+ TEST_ASSERT( flags == (uint32_t)( flags_result ) );
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ /* CRLs aren't supported with CA callbacks, so skip the CA callback
+ * version of the test if CRLs are in use. */
+ if( crl_file == NULL || strcmp( crl_file, "" ) == 0 )
+ {
+ flags = 0;
+
+ res = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback, &ca, profile, cn_name, &flags, f_vrfy, NULL );
+
+ TEST_ASSERT( res == ( result ) );
+ TEST_ASSERT( flags == (uint32_t)( flags_result ) );
+ }
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+exit:
+ mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free( &ca );
+ mbedtls_x509_crl_free( &crl );
+ USE_PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name,
+ int exp_ret )
+{
+ int ret;
+ mbedtls_x509_crt crt;
+ mbedtls_x509_crt ca;
+ uint32_t flags = 0;
+
+ mbedtls_x509_crt_init( &crt );
+ mbedtls_x509_crt_init( &ca );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
+
+ if( strcmp( name, "NULL" ) == 0 )
+ name = NULL;
+
+ ret = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback_fail, &ca,
+ &compat_profile, name, &flags,
+ NULL, NULL );
+
+ TEST_ASSERT( ret == exp_ret );
+ TEST_ASSERT( flags == (uint32_t)( -1 ) );
+exit:
+ mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free( &ca );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+void x509_verify_callback( char *crt_file, char *ca_file, char *name,
+ int exp_ret, char *exp_vrfy_out )
+{
+ int ret;
+ mbedtls_x509_crt crt;
+ mbedtls_x509_crt ca;
+ uint32_t flags = 0;
+ verify_print_context vrfy_ctx;
+
+ mbedtls_x509_crt_init( &crt );
+ mbedtls_x509_crt_init( &ca );
+ verify_print_init( &vrfy_ctx );
+
+ USE_PSA_INIT( );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
+
+ if( strcmp( name, "NULL" ) == 0 )
+ name = NULL;
+
+ ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL,
+ &compat_profile,
+ name, &flags,
+ verify_print, &vrfy_ctx );
+
+ TEST_ASSERT( ret == exp_ret );
+ TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );
+
+exit:
+ mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free( &ca );
+ USE_PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
+void mbedtls_x509_dn_gets_subject_replace( char * crt_file, char * new_subject_ou, char * result_str, int ret )
+{
+ mbedtls_x509_crt crt;
+ char buf[2000];
+ int res = 0;
+
+ mbedtls_x509_crt_init( &crt );
+ memset( buf, 0, 2000 );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ crt.subject.next->val.p = (unsigned char *) new_subject_ou;
+ crt.subject.next->val.len = strlen( new_subject_ou );
+
+ res = mbedtls_x509_dn_gets( buf, 2000, &crt.subject );
+
+ if ( ret != 0 )
+ {
+ TEST_ASSERT( res == ret );
+ }
+ else
+ {
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+ TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+ }
+exit:
+ mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
+void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str )
+{
+ mbedtls_x509_crt crt;
+ char buf[2000];
+ int res = 0;
+
+ mbedtls_x509_crt_init( &crt );
+ memset( buf, 0, 2000 );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ if( strcmp( entity, "subject" ) == 0 )
+ res = mbedtls_x509_dn_gets( buf, 2000, &crt.subject );
+ else if( strcmp( entity, "issuer" ) == 0 )
+ res = mbedtls_x509_dn_gets( buf, 2000, &crt.issuer );
+ else
+ TEST_ASSERT( "Unknown entity" == 0 );
+
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+
+exit:
+ mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
+void mbedtls_x509_get_name( char * rdn_sequence, int exp_ret )
+{
+ unsigned char *name;
+ unsigned char *p;
+ size_t name_len;
+ mbedtls_x509_name head;
+ int ret;
+
+ memset( &head, 0, sizeof( head ) );
+
+ name = mbedtls_test_unhexify_alloc( rdn_sequence, &name_len );
+ p = name;
+
+ ret = mbedtls_x509_get_name( &p, ( name + name_len ), &head );
+ if( ret == 0 )
+ mbedtls_asn1_free_named_data_list_shallow( head.next );
+
+ TEST_EQUAL( ret, exp_ret );
+
+ mbedtls_free( name );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
+void mbedtls_x509_dn_get_next( char * name_str, int next_merged, char * expected_oids, int exp_count, char * exp_dn_gets )
+{
+ int ret = 0, i;
+ size_t len = 0, out_size;
+ mbedtls_asn1_named_data *names = NULL;
+ mbedtls_x509_name parsed, *parsed_cur;
+ // Size of buf is maximum required for test cases
+ unsigned char buf[80], *out = NULL, *c;
+ const char *short_name;
+
+ memset( &parsed, 0, sizeof( parsed ) );
+ memset( buf, 0, sizeof( buf ) );
+ c = buf + sizeof( buf );
+ // Additional size required for trailing space
+ out_size = strlen( expected_oids ) + 2;
+ ASSERT_ALLOC( out, out_size );
+
+ TEST_EQUAL( mbedtls_x509_string_to_names( &names, name_str ), 0 );
+
+ ret = mbedtls_x509_write_names( &c, buf, names );
+ TEST_LE_S( 0, ret );
+
+ TEST_EQUAL( mbedtls_asn1_get_tag( &c, buf + sizeof( buf ), &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ), 0 );
+ TEST_EQUAL( mbedtls_x509_get_name( &c, buf + sizeof( buf ), &parsed ), 0 );
+
+ // Iterate over names and set next_merged nodes
+ parsed_cur = &parsed;
+ for( ; next_merged != 0 && parsed_cur != NULL; next_merged = next_merged >> 1 )
+ {
+ parsed_cur->next_merged = next_merged & 0x01;
+ parsed_cur = parsed_cur->next;
+ }
+
+ // Iterate over RDN nodes and print OID of first element to buffer
+ parsed_cur = &parsed;
+ len = 0;
+ for( i = 0; parsed_cur != NULL; i++ )
+ {
+ TEST_EQUAL( mbedtls_oid_get_attr_short_name( &parsed_cur->oid,
+ &short_name ), 0 );
+ len += mbedtls_snprintf( (char*) out + len, out_size - len, "%s ", short_name );
+ parsed_cur = mbedtls_x509_dn_get_next( parsed_cur );
+ }
+ out[len-1] = 0;
+
+ TEST_EQUAL( exp_count, i );
+ TEST_EQUAL( strcmp( (char *) out, expected_oids ), 0 );
+ mbedtls_free( out );
+ out = NULL;
+
+ out_size = strlen( exp_dn_gets ) + 1;
+ ASSERT_ALLOC( out, out_size );
+
+ TEST_LE_S( 0, mbedtls_x509_dn_gets( (char *) out, out_size, &parsed ) );
+ TEST_EQUAL( strcmp( (char *) out, exp_dn_gets ), 0 );
+exit:
+ mbedtls_free( out );
+ mbedtls_asn1_free_named_data_list( &names );
+ mbedtls_asn1_free_named_data_list_shallow( parsed.next );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+void mbedtls_x509_time_is_past( char * crt_file, char * entity, int result )
+{
+ mbedtls_x509_crt crt;
+
+ mbedtls_x509_crt_init( &crt );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+
+ if( strcmp( entity, "valid_from" ) == 0 )
+ TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_from ) == result );
+ else if( strcmp( entity, "valid_to" ) == 0 )
+ TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_to ) == result );
+ else
+ TEST_ASSERT( "Unknown entity" == 0 );
+
+exit:
+ mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+void mbedtls_x509_time_is_future( char * crt_file, char * entity, int result )
+{
+ mbedtls_x509_crt crt;
+
+ mbedtls_x509_crt_init( &crt );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+
+ if( strcmp( entity, "valid_from" ) == 0 )
+ TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_from ) == result );
+ else if( strcmp( entity, "valid_to" ) == 0 )
+ TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_to ) == result );
+ else
+ TEST_ASSERT( "Unknown entity" == 0 );
+
+exit:
+ mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
+void x509parse_crt_file( char * crt_file, int result )
+{
+ mbedtls_x509_crt crt;
+
+ mbedtls_x509_crt_init( &crt );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == result );
+
+exit:
+ mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
+void x509parse_crt( data_t * buf, char * result_str, int result )
+{
+ mbedtls_x509_crt crt;
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ unsigned char output[2000] = { 0 };
+ int res;
+#else
+ ((void) result_str);
+#endif
+
+ mbedtls_x509_crt_init( &crt );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) );
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ if( ( result ) == 0 )
+ {
+ res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ }
+ memset( output, 0, 2000 );
+#endif
+
+ mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_init( &crt );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) );
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ if( ( result ) == 0 )
+ {
+ memset( output, 0, 2000 );
+
+ res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
+
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ }
+ memset( output, 0, 2000 );
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+ mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_init( &crt );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, NULL, NULL ) == ( result ) );
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ if( ( result ) == 0 )
+ {
+ res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
+
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ }
+ memset( output, 0, 2000 );
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+ mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_init( &crt );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, NULL, NULL ) == ( result ) );
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ if( ( result ) == 0 )
+ {
+ res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
+
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ }
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+exit:
+ mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
+void x509parse_crt_cb( data_t * buf, char * result_str, int result )
+{
+ mbedtls_x509_crt crt;
+ mbedtls_x509_buf oid;
+
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ unsigned char output[2000] = { 0 };
+ int res;
+#else
+ ((void) result_str);
+#endif
+
+ oid.tag = MBEDTLS_ASN1_OID;
+ oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKIX "\x01\x1F");
+ oid.p = (unsigned char *)MBEDTLS_OID_PKIX "\x01\x1F";
+
+ mbedtls_x509_crt_init( &crt );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb, &oid ) == ( result ) );
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ if( ( result ) == 0 )
+ {
+ res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
+
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ }
+ memset( output, 0, 2000 );
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+ mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_init( &crt );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb, &oid ) == ( result ) );
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ if( ( result ) == 0 )
+ {
+ res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
+
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ }
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+exit:
+ mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
+void x509parse_crl( data_t * buf, char * result_str, int result )
+{
+ mbedtls_x509_crl crl;
+ unsigned char output[2000];
+ int res;
+
+ mbedtls_x509_crl_init( &crl );
+ memset( output, 0, 2000 );
+
+
+ TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf->x, buf->len ) == ( result ) );
+ if( ( result ) == 0 )
+ {
+ res = mbedtls_x509_crl_info( (char *) output, 2000, "", &crl );
+
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ }
+
+exit:
+ mbedtls_x509_crl_free( &crl );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
+void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret )
+{
+ mbedtls_x509_csr csr;
+ char my_out[1000];
+ int my_ret;
+
+ mbedtls_x509_csr_init( &csr );
+ memset( my_out, 0, sizeof( my_out ) );
+
+ my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der->x, csr_der->len );
+ TEST_ASSERT( my_ret == ref_ret );
+
+ if( ref_ret == 0 )
+ {
+ size_t my_out_len = mbedtls_x509_csr_info( my_out, sizeof( my_out ), "", &csr );
+ TEST_ASSERT( my_out_len == strlen( ref_out ) );
+ TEST_ASSERT( strcmp( my_out, ref_out ) == 0 );
+ }
+
+exit:
+ mbedtls_x509_csr_free( &csr );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+void mbedtls_x509_crt_parse_path( char * crt_path, int ret, int nb_crt )
+{
+ mbedtls_x509_crt chain, *cur;
+ int i;
+
+ mbedtls_x509_crt_init( &chain );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_path( &chain, crt_path ) == ret );
+
+ /* Check how many certs we got */
+ for( i = 0, cur = &chain; cur != NULL; cur = cur->next )
+ if( cur->raw.p != NULL )
+ i++;
+
+ TEST_ASSERT( i == nb_crt );
+
+exit:
+ mbedtls_x509_crt_free( &chain );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int,
+ int ret_chk, int flags_chk )
+{
+ char file_buf[128];
+ int ret;
+ uint32_t flags;
+ mbedtls_x509_crt trusted, chain;
+
+ /*
+ * We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
+ * with NN.crt signed by NN-1.crt
+ */
+
+ mbedtls_x509_crt_init( &trusted );
+ mbedtls_x509_crt_init( &chain );
+
+ USE_PSA_INIT( );
+
+ /* Load trusted root */
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, ca_file ) == 0 );
+
+ /* Load a chain with nb_int intermediates (from 01 to nb_int),
+ * plus one "end-entity" cert (nb_int + 1) */
+ ret = mbedtls_snprintf( file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir,
+ nb_int + 1 );
+ TEST_ASSERT( ret > 0 && (size_t) ret < sizeof file_buf );
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, file_buf ) == 0 );
+
+ /* Try to verify that chain */
+ ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags,
+ NULL, NULL );
+ TEST_ASSERT( ret == ret_chk );
+ TEST_ASSERT( flags == (uint32_t) flags_chk );
+
+exit:
+ mbedtls_x509_crt_free( &chain );
+ mbedtls_x509_crt_free( &trusted );
+ USE_PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca,
+ int flags_result, int result,
+ char *profile_name, int vrfy_fatal_lvls )
+{
+ char* act;
+ uint32_t flags;
+ int res;
+ mbedtls_x509_crt trusted, chain;
+ const mbedtls_x509_crt_profile *profile = NULL;
+
+ mbedtls_x509_crt_init( &chain );
+ mbedtls_x509_crt_init( &trusted );
+
+ USE_PSA_INIT( );
+
+ while( ( act = mystrsep( &chain_paths, " " ) ) != NULL )
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, act ) == 0 );
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 );
+
+ if( strcmp( profile_name, "" ) == 0 )
+ profile = &mbedtls_x509_crt_profile_default;
+ else if( strcmp( profile_name, "next" ) == 0 )
+ profile = &mbedtls_x509_crt_profile_next;
+ else if( strcmp( profile_name, "suiteb" ) == 0 )
+ profile = &mbedtls_x509_crt_profile_suiteb;
+ else if( strcmp( profile_name, "rsa3072" ) == 0 )
+ profile = &profile_rsa3072;
+ else if( strcmp( profile_name, "sha512" ) == 0 )
+ profile = &profile_sha512;
+
+ res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile,
+ NULL, &flags, verify_fatal, &vrfy_fatal_lvls );
+
+ TEST_ASSERT( res == ( result ) );
+ TEST_ASSERT( flags == (uint32_t)( flags_result ) );
+
+exit:
+ mbedtls_x509_crt_free( &trusted );
+ mbedtls_x509_crt_free( &chain );
+ USE_PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C:!MBEDTLS_X509_REMOVE_INFO */
+void x509_oid_desc( data_t * buf, char * ref_desc )
+{
+ mbedtls_x509_buf oid;
+ const char *desc = NULL;
+ int ret;
+
+
+ oid.tag = MBEDTLS_ASN1_OID;
+ oid.p = buf->x;
+ oid.len = buf->len;
+
+ ret = mbedtls_oid_get_extended_key_usage( &oid, &desc );
+
+ if( strcmp( ref_desc, "notfound" ) == 0 )
+ {
+ TEST_ASSERT( ret != 0 );
+ TEST_ASSERT( desc == NULL );
+ }
+ else
+ {
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( desc != NULL );
+ TEST_ASSERT( strcmp( desc, ref_desc ) == 0 );
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
+void x509_oid_numstr( data_t * oid_buf, char * numstr, int blen, int ret )
+{
+ mbedtls_x509_buf oid;
+ char num_buf[100];
+
+ memset( num_buf, 0x2a, sizeof num_buf );
+
+ oid.tag = MBEDTLS_ASN1_OID;
+ oid.p = oid_buf->x;
+ oid.len = oid_buf->len;
+
+ TEST_ASSERT( (size_t) blen <= sizeof num_buf );
+
+ TEST_ASSERT( mbedtls_oid_get_numeric_string( num_buf, blen, &oid ) == ret );
+
+ if( ret >= 0 )
+ {
+ TEST_ASSERT( num_buf[ret] == 0 );
+ TEST_ASSERT( strcmp( num_buf, numstr ) == 0 );
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+void x509_check_key_usage( char * crt_file, int usage, int ret )
+{
+ mbedtls_x509_crt crt;
+
+ mbedtls_x509_crt_init( &crt );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+
+ TEST_ASSERT( mbedtls_x509_crt_check_key_usage( &crt, usage ) == ret );
+
+exit:
+ mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+void x509_check_extended_key_usage( char * crt_file, data_t * oid, int ret
+ )
+{
+ mbedtls_x509_crt crt;
+
+ mbedtls_x509_crt_init( &crt );
+
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+
+ TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, (const char *)oid->x, oid->len ) == ret );
+
+exit:
+ mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
+void x509_get_time( int tag, char * time_str, int ret, int year, int mon,
+ int day, int hour, int min, int sec )
+{
+ mbedtls_x509_time time;
+ unsigned char buf[21];
+ unsigned char* start = buf;
+ unsigned char* end = buf;
+
+ memset( &time, 0x00, sizeof( time ) );
+ *end = (unsigned char)tag; end++;
+ *end = strlen( time_str );
+ TEST_ASSERT( *end < 20 );
+ end++;
+ memcpy( end, time_str, (size_t)*(end - 1) );
+ end += *(end - 1);
+
+ TEST_ASSERT( mbedtls_x509_get_time( &start, end, &time ) == ret );
+ if( ret == 0 )
+ {
+ TEST_ASSERT( year == time.year );
+ TEST_ASSERT( mon == time.mon );
+ TEST_ASSERT( day == time.day );
+ TEST_ASSERT( hour == time.hour );
+ TEST_ASSERT( min == time.min );
+ TEST_ASSERT( sec == time.sec );
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+void x509_parse_rsassa_pss_params( data_t * params, int params_tag,
+ int ref_msg_md, int ref_mgf_md,
+ int ref_salt_len, int ref_ret )
+{
+ int my_ret;
+ mbedtls_x509_buf buf;
+ mbedtls_md_type_t my_msg_md, my_mgf_md;
+ int my_salt_len;
+
+ buf.p = params->x;
+ buf.len = params->len;
+ buf.tag = params_tag;
+
+ my_ret = mbedtls_x509_get_rsassa_pss_params( &buf, &my_msg_md, &my_mgf_md,
+ &my_salt_len );
+
+ TEST_ASSERT( my_ret == ref_ret );
+
+ if( ref_ret == 0 )
+ {
+ TEST_ASSERT( my_msg_md == (mbedtls_md_type_t) ref_msg_md );
+ TEST_ASSERT( my_mgf_md == (mbedtls_md_type_t) ref_mgf_md );
+ TEST_ASSERT( my_salt_len == ref_salt_len );
+ }
+
+exit:
+ ;;
+}
+/* END_CASE */
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 19:16:42 +0000