1/* BEGIN_HEADER */ 2#include "mbedtls/bignum.h" 3#include "mbedtls/x509_crt.h" 4#include "mbedtls/x509_csr.h" 5#include "mbedtls/pem.h" 6#include "mbedtls/oid.h" 7#include "mbedtls/rsa.h" 8 9#if defined(MBEDTLS_RSA_C) 10int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, 11 const unsigned char *input, unsigned char *output, 12 size_t output_max_len ) 13{ 14 return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen, 15 input, output, output_max_len ) ); 16} 17int mbedtls_rsa_sign_func( void *ctx, 18 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 19 int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, 20 const unsigned char *hash, unsigned char *sig ) 21{ 22 return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode, 23 md_alg, hashlen, hash, sig ) ); 24} 25size_t mbedtls_rsa_key_len_func( void *ctx ) 26{ 27 return( ((const mbedtls_rsa_context *) ctx)->len ); 28} 29#endif /* MBEDTLS_RSA_C */ 30 31/* END_HEADER */ 32 33/* BEGIN_DEPENDENCIES 34 * depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C 35 * END_DEPENDENCIES 36 */ 37 38/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */ 39void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, 40 int key_usage, int set_key_usage, int cert_type, 41 int set_cert_type ) 42{ 43 mbedtls_pk_context key; 44 mbedtls_x509write_csr req; 45 unsigned char buf[4096]; 46 unsigned char check_buf[4000]; 47 int ret; 48 size_t olen = 0, pem_len = 0, buf_index; 49 int der_len = -1; 50 FILE *f; 51 const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; 52 rnd_pseudo_info rnd_info; 53 54 memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) ); 55 56 mbedtls_pk_init( &key ); 57 TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); 58 59 mbedtls_x509write_csr_init( &req ); 60 mbedtls_x509write_csr_set_md_alg( &req, md_type ); 61 mbedtls_x509write_csr_set_key( &req, &key ); 62 TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 ); 63 if( set_key_usage != 0 ) 64 TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 ); 65 if( set_cert_type != 0 ) 66 TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); 67 68 ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ), 69 rnd_pseudo_rand, &rnd_info ); 70 TEST_ASSERT( ret == 0 ); 71 72 pem_len = strlen( (char *) buf ); 73 74 for( buf_index = pem_len; buf_index < sizeof( buf ); ++buf_index ) 75 { 76 TEST_ASSERT( buf[buf_index] == 0 ); 77 } 78 79 f = fopen( cert_req_check_file, "r" ); 80 TEST_ASSERT( f != NULL ); 81 olen = fread( check_buf, 1, sizeof( check_buf ), f ); 82 fclose( f ); 83 84 TEST_ASSERT( olen >= pem_len - 1 ); 85 TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); 86 87 der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ), 88 rnd_pseudo_rand, &rnd_info ); 89 TEST_ASSERT( der_len >= 0 ); 90 91 if( der_len == 0 ) 92 goto exit; 93 94 ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ), 95 rnd_pseudo_rand, &rnd_info ); 96 TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); 97 98exit: 99 mbedtls_x509write_csr_free( &req ); 100 mbedtls_pk_free( &key ); 101} 102/* END_CASE */ 103 104/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_SHA1_C */ 105void x509_crt_check( char *subject_key_file, char *subject_pwd, 106 char *subject_name, char *issuer_key_file, 107 char *issuer_pwd, char *issuer_name, 108 char *serial_str, char *not_before, char *not_after, 109 int md_type, int key_usage, int set_key_usage, 110 int cert_type, int set_cert_type, int auth_ident, 111 int ver, char *cert_check_file, int rsa_alt ) 112{ 113 mbedtls_pk_context subject_key, issuer_key, issuer_key_alt; 114 mbedtls_pk_context *key = &issuer_key; 115 116 mbedtls_x509write_cert crt; 117 unsigned char buf[4096]; 118 unsigned char check_buf[5000]; 119 mbedtls_mpi serial; 120 int ret; 121 size_t olen = 0, pem_len = 0, buf_index = 0; 122 int der_len = -1; 123 FILE *f; 124 rnd_pseudo_info rnd_info; 125 126 memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) ); 127 mbedtls_mpi_init( &serial ); 128 129 mbedtls_pk_init( &subject_key ); 130 mbedtls_pk_init( &issuer_key ); 131 mbedtls_pk_init( &issuer_key_alt ); 132 133 mbedtls_x509write_crt_init( &crt ); 134 135 TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file, 136 subject_pwd ) == 0 ); 137 138 TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file, 139 issuer_pwd ) == 0 ); 140 141#if defined(MBEDTLS_RSA_C) 142 /* For RSA PK contexts, create a copy as an alternative RSA context. */ 143 if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA ) 144 { 145 TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt, 146 mbedtls_pk_rsa( issuer_key ), 147 mbedtls_rsa_decrypt_func, 148 mbedtls_rsa_sign_func, 149 mbedtls_rsa_key_len_func ) == 0 ); 150 151 key = &issuer_key_alt; 152 } 153#else 154 (void) rsa_alt; 155#endif 156 157 TEST_ASSERT( mbedtls_test_read_mpi( &serial, 10, serial_str ) == 0 ); 158 159 if( ver != -1 ) 160 mbedtls_x509write_crt_set_version( &crt, ver ); 161 162 TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 ); 163 TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before, 164 not_after ) == 0 ); 165 mbedtls_x509write_crt_set_md_alg( &crt, md_type ); 166 TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 ); 167 TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 ); 168 mbedtls_x509write_crt_set_subject_key( &crt, &subject_key ); 169 170 mbedtls_x509write_crt_set_issuer_key( &crt, key ); 171 172 if( crt.version >= MBEDTLS_X509_CRT_VERSION_3 ) 173 { 174 TEST_ASSERT( mbedtls_x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 ); 175 TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 ); 176 if( auth_ident ) 177 TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 ); 178 if( set_key_usage != 0 ) 179 TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 ); 180 if( set_cert_type != 0 ) 181 TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 ); 182 } 183 184 ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ), 185 rnd_pseudo_rand, &rnd_info ); 186 TEST_ASSERT( ret == 0 ); 187 188 pem_len = strlen( (char *) buf ); 189 190 // check that the rest of the buffer remains clear 191 for( buf_index = pem_len; buf_index < sizeof( buf ); ++buf_index ) 192 { 193 TEST_ASSERT( buf[buf_index] == 0 ); 194 } 195 196 f = fopen( cert_check_file, "r" ); 197 TEST_ASSERT( f != NULL ); 198 olen = fread( check_buf, 1, sizeof( check_buf ), f ); 199 fclose( f ); 200 TEST_ASSERT( olen < sizeof( check_buf ) ); 201 202 TEST_ASSERT( olen >= pem_len - 1 ); 203 TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); 204 205 der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ), 206 rnd_pseudo_rand, &rnd_info ); 207 TEST_ASSERT( der_len >= 0 ); 208 209 if( der_len == 0 ) 210 goto exit; 211 212 ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ), 213 rnd_pseudo_rand, &rnd_info ); 214 TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); 215 216exit: 217 mbedtls_x509write_crt_free( &crt ); 218 mbedtls_pk_free( &issuer_key_alt ); 219 mbedtls_pk_free( &subject_key ); 220 mbedtls_pk_free( &issuer_key ); 221 mbedtls_mpi_free( &serial ); 222} 223/* END_CASE */ 224 225/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */ 226void mbedtls_x509_string_to_names( char * name, char * parsed_name, int result 227 ) 228{ 229 int ret; 230 size_t len = 0; 231 mbedtls_asn1_named_data *names = NULL; 232 mbedtls_x509_name parsed, *parsed_cur, *parsed_prv; 233 unsigned char buf[1024], out[1024], *c; 234 235 memset( &parsed, 0, sizeof( parsed ) ); 236 memset( out, 0, sizeof( out ) ); 237 memset( buf, 0, sizeof( buf ) ); 238 c = buf + sizeof( buf ); 239 240 ret = mbedtls_x509_string_to_names( &names, name ); 241 TEST_ASSERT( ret == result ); 242 243 if( ret != 0 ) 244 goto exit; 245 246 ret = mbedtls_x509_write_names( &c, buf, names ); 247 TEST_ASSERT( ret > 0 ); 248 249 TEST_ASSERT( mbedtls_asn1_get_tag( &c, buf + sizeof( buf ), &len, 250 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) == 0 ); 251 TEST_ASSERT( mbedtls_x509_get_name( &c, buf + sizeof( buf ), &parsed ) == 0 ); 252 253 ret = mbedtls_x509_dn_gets( (char *) out, sizeof( out ), &parsed ); 254 TEST_ASSERT( ret > 0 ); 255 256 TEST_ASSERT( strcmp( (char *) out, parsed_name ) == 0 ); 257 258exit: 259 mbedtls_asn1_free_named_data_list( &names ); 260 261 parsed_cur = parsed.next; 262 while( parsed_cur != 0 ) 263 { 264 parsed_prv = parsed_cur; 265 parsed_cur = parsed_cur->next; 266 mbedtls_free( parsed_prv ); 267 } 268} 269/* END_CASE */ 270