• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1/* BEGIN_HEADER */
2#include "mbedtls/bignum.h"
3#include "mbedtls/x509_crt.h"
4#include "mbedtls/x509_csr.h"
5#include "mbedtls/pem.h"
6#include "mbedtls/oid.h"
7#include "mbedtls/rsa.h"
8#include "mbedtls/asn1write.h"
9#include "mbedtls/pk.h"
10
11#include "hash_info.h"
12#include "mbedtls/legacy_or_psa.h"
13
14#if defined(MBEDTLS_RSA_C)
15int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
16                             const unsigned char *input, unsigned char *output,
17                             size_t output_max_len)
18{
19    return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL,
20                                     olen, input, output, output_max_len);
21}
22int mbedtls_rsa_sign_func(void *ctx,
23                          int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
24                          mbedtls_md_type_t md_alg, unsigned int hashlen,
25                          const unsigned char *hash, unsigned char *sig)
26{
27    return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng,
28                                  md_alg, hashlen, hash, sig);
29}
30size_t mbedtls_rsa_key_len_func(void *ctx)
31{
32    return ((const mbedtls_rsa_context *) ctx)->len;
33}
34#endif /* MBEDTLS_RSA_C */
35
36#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
37    defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C)
38static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen)
39{
40    unsigned char hash[PSA_HASH_MAX_SIZE];
41    mbedtls_x509_csr csr;
42    int ret = 0;
43
44    mbedtls_x509_csr_init(&csr);
45
46    if (mbedtls_x509_csr_parse(&csr, buf, buflen) != 0) {
47        ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
48        goto cleanup;
49    }
50
51    psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md(csr.sig_md);
52    size_t hash_size = 0;
53    psa_status_t status = psa_hash_compute(psa_alg, csr.cri.p, csr.cri.len,
54                                           hash, PSA_HASH_MAX_SIZE, &hash_size);
55
56    if (status != PSA_SUCCESS) {
57        /* Note: this can't happen except after an internal error */
58        ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
59        goto cleanup;
60    }
61
62    if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk,
63                              csr.sig_md, hash, mbedtls_hash_info_get_size(csr.sig_md),
64                              csr.sig.p, csr.sig.len) != 0) {
65        ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
66        goto cleanup;
67    }
68
69cleanup:
70
71    mbedtls_x509_csr_free(&csr);
72    return ret;
73}
74#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */
75
76#if defined(MBEDTLS_X509_CSR_WRITE_C)
77
78/*
79 * The size of this temporary buffer is given by the sequence of functions
80 * called hereinafter:
81 * - mbedtls_asn1_write_oid()
82 *     - 8 bytes for MBEDTLS_OID_EXTENDED_KEY_USAGE raw value
83 *     - 1 byte for MBEDTLS_OID_EXTENDED_KEY_USAGE length
84 *     - 1 byte for MBEDTLS_ASN1_OID tag
85 * - mbedtls_asn1_write_len()
86 *     - 1 byte since we're dealing with sizes which are less than 0x80
87 * - mbedtls_asn1_write_tag()
88 *     - 1 byte
89 *
90 * This length is fine as long as this function is called using the
91 * MBEDTLS_OID_SERVER_AUTH OID. If this is changed in the future, then this
92 * buffer's length should be adjusted accordingly.
93 * Unfortunately there's no predefined max size for OIDs which can be used
94 * to set an overall upper boundary which is always guaranteed.
95 */
96#define EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH    12
97
98static int csr_set_extended_key_usage(mbedtls_x509write_csr *ctx,
99                                      const char *oid, size_t oid_len)
100{
101    unsigned char buf[EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH] = { 0 };
102    unsigned char *p = buf + sizeof(buf);
103    int ret;
104    size_t len = 0;
105
106    /*
107     * Following functions fail anyway if the temporary buffer is not large,
108     * but we set an extra check here to emphasize a possible source of errors
109     */
110    if (oid_len > EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH) {
111        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
112    }
113
114    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(&p, buf, oid, oid_len));
115    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, ret));
116    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf,
117                                                     MBEDTLS_ASN1_CONSTRUCTED |
118                                                     MBEDTLS_ASN1_SEQUENCE));
119
120    ret = mbedtls_x509write_csr_set_extension(ctx,
121                                              MBEDTLS_OID_EXTENDED_KEY_USAGE,
122                                              MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE),
123                                              0,
124                                              p,
125                                              len);
126
127    return ret;
128}
129#endif  /* MBEDTLS_X509_CSR_WRITE_C */
130/* END_HEADER */
131
132/* BEGIN_DEPENDENCIES
133 * depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C
134 * END_DEPENDENCIES
135 */
136
137/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */
138void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
139                    int key_usage, int set_key_usage, int cert_type,
140                    int set_cert_type, int set_extension)
141{
142    mbedtls_pk_context key;
143    mbedtls_x509write_csr req;
144    unsigned char buf[4096];
145    int ret;
146#if !defined(MBEDTLS_USE_PSA_CRYPTO)
147    unsigned char check_buf[4000];
148    FILE *f;
149    size_t olen = 0;
150#endif /* !MBEDTLS_USE_PSA_CRYPTO */
151    size_t pem_len = 0, buf_index;
152    int der_len = -1;
153    const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
154    mbedtls_test_rnd_pseudo_info rnd_info;
155    mbedtls_x509_san_list san_ip;
156    mbedtls_x509_san_list san_dns;
157    mbedtls_x509_san_list san_uri;
158    mbedtls_x509_san_list *san_list = NULL;
159    const char san_ip_name[] = { 0x7f, 0x01, 0x01, 0x00 }; // 127.1.1.0
160    const char *san_dns_name = "example.com";
161    const char *san_uri_name = "http://pki.example.com/";
162
163    san_uri.node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER;
164    san_uri.node.san.unstructured_name.p = (unsigned char *) san_uri_name;
165    san_uri.node.san.unstructured_name.len = strlen(san_uri_name);
166    san_uri.next = NULL;
167    san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
168    san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name;
169    san_ip.node.san.unstructured_name.len = sizeof(san_ip_name);
170    san_ip.next = &san_uri;
171    san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME;
172    san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name;
173    san_dns.node.san.unstructured_name.len = strlen(san_dns_name);
174    san_dns.next = &san_ip;
175    san_list = &san_dns;
176
177    memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
178
179    mbedtls_x509write_csr_init(&req);
180
181    USE_PSA_INIT();
182
183    mbedtls_pk_init(&key);
184    TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
185                                         mbedtls_test_rnd_std_rand, NULL) == 0);
186
187    mbedtls_x509write_csr_set_md_alg(&req, md_type);
188    mbedtls_x509write_csr_set_key(&req, &key);
189    TEST_ASSERT(mbedtls_x509write_csr_set_subject_name(&req, subject_name) == 0);
190    if (set_key_usage != 0) {
191        TEST_ASSERT(mbedtls_x509write_csr_set_key_usage(&req, key_usage) == 0);
192    }
193    if (set_cert_type != 0) {
194        TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0);
195    }
196    if (set_extension != 0) {
197        TEST_ASSERT(csr_set_extended_key_usage(&req, MBEDTLS_OID_SERVER_AUTH,
198                                               MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH)) == 0);
199
200        TEST_ASSERT(mbedtls_x509write_csr_set_subject_alternative_name(&req, san_list) == 0);
201    }
202
203    ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf),
204                                    mbedtls_test_rnd_pseudo_rand, &rnd_info);
205    TEST_ASSERT(ret == 0);
206
207    pem_len = strlen((char *) buf);
208
209    for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
210        TEST_ASSERT(buf[buf_index] == 0);
211    }
212
213#if defined(MBEDTLS_USE_PSA_CRYPTO)
214    // When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used
215    (void) cert_req_check_file;
216    buf[pem_len] = '\0';
217    TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0);
218#else
219    f = fopen(cert_req_check_file, "r");
220    TEST_ASSERT(f != NULL);
221    olen = fread(check_buf, 1, sizeof(check_buf), f);
222    fclose(f);
223
224    TEST_ASSERT(olen >= pem_len - 1);
225    TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
226#endif /* MBEDTLS_USE_PSA_CRYPTO */
227
228    der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf),
229                                        mbedtls_test_rnd_pseudo_rand,
230                                        &rnd_info);
231    TEST_ASSERT(der_len >= 0);
232
233    if (der_len == 0) {
234        goto exit;
235    }
236
237#if defined(MBEDTLS_USE_PSA_CRYPTO)
238    // When using PSA crypto, RNG isn't controllable, result length isn't
239    // deterministic over multiple runs, removing a single byte isn't enough to
240    // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
241    der_len /= 2;
242#else
243    der_len -= 1;
244#endif
245    ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len),
246                                    mbedtls_test_rnd_pseudo_rand, &rnd_info);
247    TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
248
249exit:
250    mbedtls_x509write_csr_free(&req);
251    mbedtls_pk_free(&key);
252    USE_PSA_DONE();
253}
254/* END_CASE */
255
256/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */
257void x509_csr_check_opaque(char *key_file, int md_type, int key_usage,
258                           int cert_type)
259{
260    mbedtls_pk_context key;
261    mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
262    psa_algorithm_t md_alg_psa, alg_psa;
263    mbedtls_x509write_csr req;
264    unsigned char buf[4096];
265    int ret;
266    size_t pem_len = 0;
267    const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
268    mbedtls_test_rnd_pseudo_info rnd_info;
269
270    memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
271
272    mbedtls_x509write_csr_init(&req);
273
274    USE_PSA_INIT();
275
276    md_alg_psa = mbedtls_hash_info_psa_from_md((mbedtls_md_type_t) md_type);
277    TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE);
278
279    mbedtls_pk_init(&key);
280    TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
281                                         mbedtls_test_rnd_std_rand, NULL) == 0);
282
283    if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
284        alg_psa = PSA_ALG_ECDSA(md_alg_psa);
285    } else if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
286        alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(md_alg_psa);
287    } else {
288        TEST_ASSUME(!"PK key type not supported in this configuration");
289    }
290
291    TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&key, &key_id, alg_psa,
292                                          PSA_KEY_USAGE_SIGN_HASH,
293                                          PSA_ALG_NONE) == 0);
294
295    mbedtls_x509write_csr_set_md_alg(&req, md_type);
296    mbedtls_x509write_csr_set_key(&req, &key);
297    TEST_ASSERT(mbedtls_x509write_csr_set_subject_name(&req, subject_name) == 0);
298    if (key_usage != 0) {
299        TEST_ASSERT(mbedtls_x509write_csr_set_key_usage(&req, key_usage) == 0);
300    }
301    if (cert_type != 0) {
302        TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0);
303    }
304
305    ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1,
306                                    mbedtls_test_rnd_pseudo_rand, &rnd_info);
307
308    TEST_ASSERT(ret == 0);
309
310    pem_len = strlen((char *) buf);
311    buf[pem_len] = '\0';
312    TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0);
313
314
315exit:
316    mbedtls_x509write_csr_free(&req);
317    mbedtls_pk_free(&key);
318    psa_destroy_key(key_id);
319    PSA_DONE();
320}
321/* END_CASE */
322
323/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
324void x509_crt_check(char *subject_key_file, char *subject_pwd,
325                    char *subject_name, char *issuer_key_file,
326                    char *issuer_pwd, char *issuer_name,
327                    data_t *serial_arg, char *not_before, char *not_after,
328                    int md_type, int key_usage, int set_key_usage,
329                    char *ext_key_usage,
330                    int cert_type, int set_cert_type, int auth_ident,
331                    int ver, char *cert_check_file, int pk_wrap, int is_ca,
332                    char *cert_verify_file)
333{
334    mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
335    mbedtls_pk_context *key = &issuer_key;
336
337    mbedtls_x509write_cert crt;
338    unsigned char buf[4096];
339    unsigned char check_buf[5000];
340    unsigned char *p, *end;
341    unsigned char tag, sz;
342#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
343    mbedtls_mpi serial_mpi;
344#endif
345    int ret, before_tag, after_tag;
346    size_t olen = 0, pem_len = 0, buf_index = 0;
347    int der_len = -1;
348    FILE *f;
349    mbedtls_test_rnd_pseudo_info rnd_info;
350#if defined(MBEDTLS_USE_PSA_CRYPTO)
351    mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
352#endif
353    mbedtls_pk_type_t issuer_key_type;
354
355    memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
356#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
357    mbedtls_mpi_init(&serial_mpi);
358#endif
359
360    USE_PSA_INIT();
361
362    mbedtls_pk_init(&subject_key);
363    mbedtls_pk_init(&issuer_key);
364    mbedtls_pk_init(&issuer_key_alt);
365
366    mbedtls_x509write_crt_init(&crt);
367
368    TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file,
369                                         subject_pwd, mbedtls_test_rnd_std_rand, NULL) == 0);
370
371    TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file,
372                                         issuer_pwd, mbedtls_test_rnd_std_rand, NULL) == 0);
373
374    issuer_key_type = mbedtls_pk_get_type(&issuer_key);
375
376#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
377    /* For RSA PK contexts, create a copy as an alternative RSA context. */
378    if (pk_wrap == 1 && issuer_key_type == MBEDTLS_PK_RSA) {
379        TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&issuer_key_alt,
380                                             mbedtls_pk_rsa(issuer_key),
381                                             mbedtls_rsa_decrypt_func,
382                                             mbedtls_rsa_sign_func,
383                                             mbedtls_rsa_key_len_func) == 0);
384
385        key = &issuer_key_alt;
386    }
387#endif
388
389#if defined(MBEDTLS_USE_PSA_CRYPTO)
390    /* For Opaque PK contexts, wrap key as an Opaque RSA context. */
391    if (pk_wrap == 2) {
392        psa_algorithm_t alg_psa, md_alg_psa;
393
394        md_alg_psa = mbedtls_hash_info_psa_from_md((mbedtls_md_type_t) md_type);
395        TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE);
396
397        if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_ECKEY) {
398            alg_psa = PSA_ALG_ECDSA(md_alg_psa);
399        } else if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_RSA) {
400            alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(md_alg_psa);
401        } else {
402            TEST_ASSUME(!"PK key type not supported in this configuration");
403        }
404
405        TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&issuer_key, &key_id, alg_psa,
406                                              PSA_KEY_USAGE_SIGN_HASH,
407                                              PSA_ALG_NONE) == 0);
408    }
409#endif /* MBEDTLS_USE_PSA_CRYPTO */
410
411    if (pk_wrap == 2) {
412        TEST_ASSERT(mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_OPAQUE);
413    }
414
415    if (ver != -1) {
416        mbedtls_x509write_crt_set_version(&crt, ver);
417    }
418
419#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
420    TEST_ASSERT(mbedtls_mpi_read_binary(&serial_mpi, serial_arg->x,
421                                        serial_arg->len) == 0);
422    TEST_ASSERT(mbedtls_x509write_crt_set_serial(&crt, &serial_mpi) == 0);
423#else
424    TEST_ASSERT(mbedtls_x509write_crt_set_serial_raw(&crt, serial_arg->x,
425                                                     serial_arg->len) == 0);
426#endif
427    TEST_ASSERT(mbedtls_x509write_crt_set_validity(&crt, not_before,
428                                                   not_after) == 0);
429    mbedtls_x509write_crt_set_md_alg(&crt, md_type);
430    TEST_ASSERT(mbedtls_x509write_crt_set_issuer_name(&crt, issuer_name) == 0);
431    TEST_ASSERT(mbedtls_x509write_crt_set_subject_name(&crt, subject_name) == 0);
432    mbedtls_x509write_crt_set_subject_key(&crt, &subject_key);
433
434    mbedtls_x509write_crt_set_issuer_key(&crt, key);
435
436    if (crt.version >= MBEDTLS_X509_CRT_VERSION_3) {
437        /* For the CA case, a path length of -1 means unlimited. */
438        TEST_ASSERT(mbedtls_x509write_crt_set_basic_constraints(&crt, is_ca,
439                                                                (is_ca ? -1 : 0)) == 0);
440        TEST_ASSERT(mbedtls_x509write_crt_set_subject_key_identifier(&crt) == 0);
441        if (auth_ident) {
442            TEST_ASSERT(mbedtls_x509write_crt_set_authority_key_identifier(&crt) == 0);
443        }
444        if (set_key_usage != 0) {
445            TEST_ASSERT(mbedtls_x509write_crt_set_key_usage(&crt, key_usage) == 0);
446        }
447        if (set_cert_type != 0) {
448            TEST_ASSERT(mbedtls_x509write_crt_set_ns_cert_type(&crt, cert_type) == 0);
449        }
450        if (strcmp(ext_key_usage, "NULL") != 0) {
451            mbedtls_asn1_sequence exts[2];
452            memset(exts, 0, sizeof(exts));
453
454#define SET_OID(x, oid)                \
455    do {                               \
456        x.len = MBEDTLS_OID_SIZE(oid); \
457        x.p   = (unsigned char *) oid;   \
458        x.tag = MBEDTLS_ASN1_OID;      \
459    }                                  \
460    while (0)
461
462            if (strcmp(ext_key_usage, "serverAuth") == 0) {
463                SET_OID(exts[0].buf, MBEDTLS_OID_SERVER_AUTH);
464            } else if (strcmp(ext_key_usage, "codeSigning,timeStamping") == 0) {
465                SET_OID(exts[0].buf, MBEDTLS_OID_CODE_SIGNING);
466                exts[0].next = &exts[1];
467                SET_OID(exts[1].buf, MBEDTLS_OID_TIME_STAMPING);
468            }
469            TEST_ASSERT(mbedtls_x509write_crt_set_ext_key_usage(&crt, exts) == 0);
470        }
471    }
472
473    ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf),
474                                    mbedtls_test_rnd_pseudo_rand, &rnd_info);
475    TEST_ASSERT(ret == 0);
476
477    pem_len = strlen((char *) buf);
478
479    // check that the rest of the buffer remains clear
480    for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
481        TEST_ASSERT(buf[buf_index] == 0);
482    }
483
484    if (issuer_key_type != MBEDTLS_PK_RSA) {
485        mbedtls_x509_crt crt_parse, trusted;
486        uint32_t flags;
487
488        mbedtls_x509_crt_init(&crt_parse);
489        mbedtls_x509_crt_init(&trusted);
490
491        TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted,
492                                                cert_verify_file) == 0);
493        TEST_ASSERT(mbedtls_x509_crt_parse(&crt_parse,
494                                           buf, sizeof(buf)) == 0);
495
496        ret = mbedtls_x509_crt_verify(&crt_parse, &trusted, NULL, NULL, &flags,
497                                      NULL, NULL);
498
499        mbedtls_x509_crt_free(&crt_parse);
500        mbedtls_x509_crt_free(&trusted);
501
502        TEST_EQUAL(flags, 0);
503        TEST_EQUAL(ret, 0);
504    } else if (*cert_check_file != '\0') {
505        f = fopen(cert_check_file, "r");
506        TEST_ASSERT(f != NULL);
507        olen = fread(check_buf, 1, sizeof(check_buf), f);
508        fclose(f);
509        TEST_ASSERT(olen < sizeof(check_buf));
510
511        TEST_EQUAL(olen, pem_len);
512        TEST_ASSERT(olen >= pem_len - 1);
513        TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
514    }
515
516    der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf),
517                                        mbedtls_test_rnd_pseudo_rand,
518                                        &rnd_info);
519    TEST_ASSERT(der_len >= 0);
520
521    if (der_len == 0) {
522        goto exit;
523    }
524
525    // Not testing against file, check date format
526    if (*cert_check_file == '\0') {
527        // UTC tag if before 2050, 2 digits less for year
528        if (not_before[0] == '2' && (not_before[1] > '0' || not_before[2] > '4')) {
529            before_tag = MBEDTLS_ASN1_GENERALIZED_TIME;
530        } else {
531            before_tag = MBEDTLS_ASN1_UTC_TIME;
532            not_before += 2;
533        }
534        if (not_after[0] == '2' && (not_after[1] > '0' || not_after[2] > '4')) {
535            after_tag = MBEDTLS_ASN1_GENERALIZED_TIME;
536        } else {
537            after_tag = MBEDTLS_ASN1_UTC_TIME;
538            not_after += 2;
539        }
540        end = buf + sizeof(buf);
541        for (p = end - der_len; p < end;) {
542            tag = *p++;
543            sz = *p++;
544            if (tag == MBEDTLS_ASN1_UTC_TIME || tag == MBEDTLS_ASN1_GENERALIZED_TIME) {
545                // Check correct tag and time written
546                TEST_ASSERT(before_tag == tag);
547                TEST_ASSERT(memcmp(p, not_before, sz - 1) == 0);
548                p += sz;
549                tag = *p++;
550                sz = *p++;
551                TEST_ASSERT(after_tag == tag);
552                TEST_ASSERT(memcmp(p, not_after, sz - 1) == 0);
553                break;
554            }
555            // Increment if long form ASN1 length
556            if (sz & 0x80) {
557                p += sz & 0x0F;
558            }
559            if (tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
560                p += sz;
561            }
562        }
563        TEST_ASSERT(p < end);
564    }
565
566#if defined(MBEDTLS_USE_PSA_CRYPTO)
567    // When using PSA crypto, RNG isn't controllable, result length isn't
568    // deterministic over multiple runs, removing a single byte isn't enough to
569    // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
570    if (issuer_key_type != MBEDTLS_PK_RSA) {
571        der_len /= 2;
572    } else
573#endif
574    der_len -= 1;
575
576    ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len),
577                                    mbedtls_test_rnd_pseudo_rand, &rnd_info);
578    TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
579
580exit:
581    mbedtls_x509write_crt_free(&crt);
582    mbedtls_pk_free(&issuer_key_alt);
583    mbedtls_pk_free(&subject_key);
584    mbedtls_pk_free(&issuer_key);
585#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
586    mbedtls_mpi_free(&serial_mpi);
587#endif
588#if defined(MBEDTLS_USE_PSA_CRYPTO)
589    psa_destroy_key(key_id);
590#endif
591    USE_PSA_DONE();
592}
593/* END_CASE */
594
595/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_WRITE_C */
596void x509_set_serial_check()
597{
598    mbedtls_x509write_cert ctx;
599    uint8_t invalid_serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN + 1];
600
601    memset(invalid_serial, 0x01, sizeof(invalid_serial));
602
603#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
604    mbedtls_mpi serial_mpi;
605
606    mbedtls_mpi_init(&serial_mpi);
607    TEST_EQUAL(mbedtls_mpi_read_binary(&serial_mpi, invalid_serial,
608                                       sizeof(invalid_serial)), 0);
609    TEST_EQUAL(mbedtls_x509write_crt_set_serial(&ctx, &serial_mpi),
610               MBEDTLS_ERR_X509_BAD_INPUT_DATA);
611#endif
612
613    TEST_EQUAL(mbedtls_x509write_crt_set_serial_raw(&ctx, invalid_serial,
614                                                    sizeof(invalid_serial)),
615               MBEDTLS_ERR_X509_BAD_INPUT_DATA);
616
617exit:
618#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
619    mbedtls_mpi_free(&serial_mpi);
620#else
621    ;
622#endif
623}
624/* END_CASE */
625
626/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */
627void mbedtls_x509_string_to_names(char *name, char *parsed_name, int result
628                                  )
629{
630    int ret;
631    size_t len = 0;
632    mbedtls_asn1_named_data *names = NULL;
633    mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
634    unsigned char buf[1024], out[1024], *c;
635
636    memset(&parsed, 0, sizeof(parsed));
637    memset(out, 0, sizeof(out));
638    memset(buf, 0, sizeof(buf));
639    c = buf + sizeof(buf);
640
641    ret = mbedtls_x509_string_to_names(&names, name);
642    TEST_ASSERT(ret == result);
643
644    if (ret != 0) {
645        goto exit;
646    }
647
648    ret = mbedtls_x509_write_names(&c, buf, names);
649    TEST_ASSERT(ret > 0);
650
651    TEST_ASSERT(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len,
652                                     MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) == 0);
653    TEST_ASSERT(mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed) == 0);
654
655    ret = mbedtls_x509_dn_gets((char *) out, sizeof(out), &parsed);
656    TEST_ASSERT(ret > 0);
657
658    TEST_ASSERT(strcmp((char *) out, parsed_name) == 0);
659
660exit:
661    mbedtls_asn1_free_named_data_list(&names);
662
663    parsed_cur = parsed.next;
664    while (parsed_cur != 0) {
665        parsed_prv = parsed_cur;
666        parsed_cur = parsed_cur->next;
667        mbedtls_free(parsed_prv);
668    }
669}
670/* END_CASE */
671