1/* BEGIN_HEADER */ 2#include "mbedtls/bignum.h" 3#include "mbedtls/x509.h" 4#include "mbedtls/x509_crt.h" 5#include "mbedtls/x509_crl.h" 6#include "mbedtls/x509_csr.h" 7#include "mbedtls/pem.h" 8#include "mbedtls/oid.h" 9#include "mbedtls/base64.h" 10#include "mbedtls/error.h" 11#include "string.h" 12 13#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 14#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \ 15than the current threshold 19. To test larger values, please \ 16adapt the script tests/data_files/dir-max/long.sh." 17#endif 18 19/* Test-only profile allowing all digests, PK algorithms, and curves. */ 20const mbedtls_x509_crt_profile profile_all = 21{ 22 0xFFFFFFFF, /* Any MD */ 23 0xFFFFFFFF, /* Any PK alg */ 24 0xFFFFFFFF, /* Any curve */ 25 1024, 26}; 27 28/* Profile for backward compatibility. Allows SHA-1, unlike the default 29 profile. */ 30const mbedtls_x509_crt_profile compat_profile = 31{ 32 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) | 33 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) | 34 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) | 35 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 36 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | 37 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 38 0xFFFFFFF, /* Any PK alg */ 39 0xFFFFFFF, /* Any curve */ 40 1024, 41}; 42 43const mbedtls_x509_crt_profile profile_rsa3072 = 44{ 45 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 46 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | 47 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 48 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ), 49 0, 50 3072, 51}; 52 53const mbedtls_x509_crt_profile profile_sha512 = 54{ 55 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 56 0xFFFFFFF, /* Any PK alg */ 57 0xFFFFFFF, /* Any curve */ 58 1024, 59}; 60 61int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags ) 62{ 63 ((void) data); 64 ((void) crt); 65 ((void) certificate_depth); 66 *flags |= MBEDTLS_X509_BADCERT_OTHER; 67 68 return 0; 69} 70 71int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags ) 72{ 73 ((void) data); 74 ((void) crt); 75 ((void) certificate_depth); 76 *flags = 0; 77 78 return 0; 79} 80 81#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 82int ca_callback_fail( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates ) 83{ 84 ((void) data); 85 ((void) child); 86 ((void) candidates); 87 88 return -1; 89} 90 91int ca_callback( void *data, mbedtls_x509_crt const *child, 92 mbedtls_x509_crt **candidates ) 93{ 94 int ret = 0; 95 mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; 96 mbedtls_x509_crt *first; 97 98 /* This is a test-only implementation of the CA callback 99 * which always returns the entire list of trusted certificates. 100 * Production implementations managing a large number of CAs 101 * should use an efficient presentation and lookup for the 102 * set of trusted certificates (such as a hashtable) and only 103 * return those trusted certificates which satisfy basic 104 * parental checks, such as the matching of child `Issuer` 105 * and parent `Subject` field. */ 106 ((void) child); 107 108 first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); 109 if( first == NULL ) 110 { 111 ret = -1; 112 goto exit; 113 } 114 mbedtls_x509_crt_init( first ); 115 116 if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 ) 117 { 118 ret = -1; 119 goto exit; 120 } 121 122 while( ca->next != NULL ) 123 { 124 ca = ca->next; 125 if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 ) 126 { 127 ret = -1; 128 goto exit; 129 } 130 } 131 132exit: 133 134 if( ret != 0 ) 135 { 136 mbedtls_x509_crt_free( first ); 137 mbedtls_free( first ); 138 first = NULL; 139 } 140 141 *candidates = first; 142 return( ret ); 143} 144#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 145 146int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags ) 147{ 148 int *levels = (int *) data; 149 150 ((void) crt); 151 ((void) certificate_depth); 152 153 /* Simulate a fatal error in the callback */ 154 if( *levels & ( 1 << certificate_depth ) ) 155 { 156 *flags |= ( 1 << certificate_depth ); 157 return( -1 - certificate_depth ); 158 } 159 160 return( 0 ); 161} 162 163/* strsep() not available on Windows */ 164char *mystrsep(char **stringp, const char *delim) 165{ 166 const char *p; 167 char *ret = *stringp; 168 169 if( *stringp == NULL ) 170 return( NULL ); 171 172 for( ; ; (*stringp)++ ) 173 { 174 if( **stringp == '\0' ) 175 { 176 *stringp = NULL; 177 goto done; 178 } 179 180 for( p = delim; *p != '\0'; p++ ) 181 if( **stringp == *p ) 182 { 183 **stringp = '\0'; 184 (*stringp)++; 185 goto done; 186 } 187 } 188 189done: 190 return( ret ); 191} 192 193#if defined(MBEDTLS_X509_CRT_PARSE_C) 194typedef struct { 195 char buf[512]; 196 char *p; 197} verify_print_context; 198 199void verify_print_init( verify_print_context *ctx ) 200{ 201 memset( ctx, 0, sizeof( verify_print_context ) ); 202 ctx->p = ctx->buf; 203} 204 205int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags ) 206{ 207 int ret; 208 verify_print_context *ctx = (verify_print_context *) data; 209 char *p = ctx->p; 210 size_t n = ctx->buf + sizeof( ctx->buf ) - ctx->p; 211 ((void) flags); 212 213 ret = mbedtls_snprintf( p, n, "depth %d - serial ", certificate_depth ); 214 MBEDTLS_X509_SAFE_SNPRINTF; 215 216 ret = mbedtls_x509_serial_gets( p, n, &crt->serial ); 217 MBEDTLS_X509_SAFE_SNPRINTF; 218 219 ret = mbedtls_snprintf( p, n, " - subject " ); 220 MBEDTLS_X509_SAFE_SNPRINTF; 221 222 ret = mbedtls_x509_dn_gets( p, n, &crt->subject ); 223 MBEDTLS_X509_SAFE_SNPRINTF; 224 225 ret = mbedtls_snprintf( p, n, " - flags 0x%08x\n", *flags ); 226 MBEDTLS_X509_SAFE_SNPRINTF; 227 228 ctx->p = p; 229 230 return( 0 ); 231} 232 233int verify_parse_san( mbedtls_x509_subject_alternative_name *san, 234 char **buf, size_t *size ) 235{ 236 int ret; 237 size_t i; 238 char *p = *buf; 239 size_t n = *size; 240 241 ret = mbedtls_snprintf( p, n, "type : %d", san->type ); 242 MBEDTLS_X509_SAFE_SNPRINTF; 243 244 switch( san->type ) 245 { 246 case( MBEDTLS_X509_SAN_OTHER_NAME ): 247 ret = mbedtls_snprintf( p, n, "\notherName :"); 248 MBEDTLS_X509_SAFE_SNPRINTF; 249 250 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, 251 &san->san.other_name.value.hardware_module_name.oid ) != 0 ) 252 { 253 ret = mbedtls_snprintf( p, n, " hardware module name :" ); 254 MBEDTLS_X509_SAFE_SNPRINTF; 255 ret = mbedtls_snprintf( p, n, " hardware type : " ); 256 MBEDTLS_X509_SAFE_SNPRINTF; 257 258 ret = mbedtls_oid_get_numeric_string( p, n, 259 &san->san.other_name.value.hardware_module_name.oid ); 260 MBEDTLS_X509_SAFE_SNPRINTF; 261 262 ret = mbedtls_snprintf( p, n, ", hardware serial number : " ); 263 MBEDTLS_X509_SAFE_SNPRINTF; 264 265 if( san->san.other_name.value.hardware_module_name.val.len >= n ) 266 { 267 *p = '\0'; 268 return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); 269 } 270 271 for( i=0; i < san->san.other_name.value.hardware_module_name.val.len; i++ ) 272 { 273 *p++ = san->san.other_name.value.hardware_module_name.val.p[i]; 274 } 275 n -= san->san.other_name.value.hardware_module_name.val.len; 276 } 277 break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */ 278 case( MBEDTLS_X509_SAN_DNS_NAME ): 279 ret = mbedtls_snprintf( p, n, "\ndNSName : " ); 280 MBEDTLS_X509_SAFE_SNPRINTF; 281 if( san->san.unstructured_name.len >= n ) 282 { 283 *p = '\0'; 284 return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); 285 } 286 n -= san->san.unstructured_name.len; 287 for( i = 0; i < san->san.unstructured_name.len; i++ ) 288 *p++ = san->san.unstructured_name.p[i]; 289 break;/* MBEDTLS_X509_SAN_DNS_NAME */ 290 291 default: 292 /* 293 * Should not happen. 294 */ 295 return( -1 ); 296 } 297 ret = mbedtls_snprintf( p, n, "\n" ); 298 MBEDTLS_X509_SAFE_SNPRINTF; 299 300 *size = n; 301 *buf = p; 302 303 return( 0 ); 304} 305 306int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, 307 int critical, const unsigned char *cp, const unsigned char *end ) 308{ 309 ( void ) crt; 310 ( void ) critical; 311 mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *)p_ctx; 312 if( oid->tag == MBEDTLS_ASN1_OID && 313 MBEDTLS_OID_CMP( MBEDTLS_OID_CERTIFICATE_POLICIES, oid ) == 0 ) 314 { 315 /* Handle unknown certificate policy */ 316 int ret, parse_ret = 0; 317 size_t len; 318 unsigned char **p = (unsigned char **)&cp; 319 320 /* Get main sequence tag */ 321 ret = mbedtls_asn1_get_tag( p, end, &len, 322 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); 323 if( ret != 0 ) 324 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 325 326 if( *p + len != end ) 327 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 328 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 329 330 /* 331 * Cannot be an empty sequence. 332 */ 333 if( len == 0 ) 334 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 335 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 336 337 while( *p < end ) 338 { 339 const unsigned char *policy_end; 340 341 /* 342 * Get the policy sequence 343 */ 344 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 345 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 346 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 347 348 policy_end = *p + len; 349 350 if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, 351 MBEDTLS_ASN1_OID ) ) != 0 ) 352 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 353 354 /* 355 * Recognize exclusively the policy with OID 1 356 */ 357 if( len != 1 || *p[0] != 1 ) 358 parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; 359 360 *p += len; 361 362 /* 363 * If there is an optional qualifier, then *p < policy_end 364 * Check the Qualifier len to verify it doesn't exceed policy_end. 365 */ 366 if( *p < policy_end ) 367 { 368 if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, 369 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 370 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 371 /* 372 * Skip the optional policy qualifiers. 373 */ 374 *p += len; 375 } 376 377 if( *p != policy_end ) 378 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 379 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 380 } 381 382 if( *p != end ) 383 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 384 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 385 386 return( parse_ret ); 387 } 388 else if( new_oid != NULL && new_oid->tag == oid->tag && new_oid->len == oid->len && 389 memcmp( new_oid->p, oid->p, oid->len ) == 0 ) 390 return( 0 ); 391 else 392 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 393 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); 394} 395#endif /* MBEDTLS_X509_CRT_PARSE_C */ 396/* END_HEADER */ 397 398/* BEGIN_DEPENDENCIES 399 * depends_on:MBEDTLS_BIGNUM_C 400 * END_DEPENDENCIES 401 */ 402 403/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 404void x509_parse_san( char * crt_file, char * result_str ) 405{ 406 int ret; 407 mbedtls_x509_crt crt; 408 mbedtls_x509_subject_alternative_name san; 409 mbedtls_x509_sequence *cur = NULL; 410 char buf[2000]; 411 char *p = buf; 412 size_t n = sizeof( buf ); 413 414 mbedtls_x509_crt_init( &crt ); 415 memset( buf, 0, 2000 ); 416 417 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 418 419 if( crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) 420 { 421 cur = &crt.subject_alt_names; 422 while( cur != NULL ) 423 { 424 ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san ); 425 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); 426 /* 427 * If san type not supported, ignore. 428 */ 429 if( ret == 0) 430 TEST_ASSERT( verify_parse_san( &san, &p, &n ) == 0 ); 431 cur = cur->next; 432 } 433 } 434 435 TEST_ASSERT( strcmp( buf, result_str ) == 0 ); 436 437exit: 438 439 mbedtls_x509_crt_free( &crt ); 440} 441/* END_CASE */ 442 443/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 444void x509_cert_info( char * crt_file, char * result_str ) 445{ 446 mbedtls_x509_crt crt; 447 char buf[2000]; 448 int res; 449 450 mbedtls_x509_crt_init( &crt ); 451 memset( buf, 0, 2000 ); 452 453 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 454 res = mbedtls_x509_crt_info( buf, 2000, "", &crt ); 455 456 TEST_ASSERT( res != -1 ); 457 TEST_ASSERT( res != -2 ); 458 459 TEST_ASSERT( strcmp( buf, result_str ) == 0 ); 460 461exit: 462 mbedtls_x509_crt_free( &crt ); 463} 464/* END_CASE */ 465 466/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */ 467void mbedtls_x509_crl_info( char * crl_file, char * result_str ) 468{ 469 mbedtls_x509_crl crl; 470 char buf[2000]; 471 int res; 472 473 mbedtls_x509_crl_init( &crl ); 474 memset( buf, 0, 2000 ); 475 476 TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 ); 477 res = mbedtls_x509_crl_info( buf, 2000, "", &crl ); 478 479 TEST_ASSERT( res != -1 ); 480 TEST_ASSERT( res != -2 ); 481 482 TEST_ASSERT( strcmp( buf, result_str ) == 0 ); 483 484exit: 485 mbedtls_x509_crl_free( &crl ); 486} 487/* END_CASE */ 488 489/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */ 490void mbedtls_x509_crl_parse( char * crl_file, int result ) 491{ 492 mbedtls_x509_crl crl; 493 char buf[2000]; 494 495 mbedtls_x509_crl_init( &crl ); 496 memset( buf, 0, 2000 ); 497 498 TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == result ); 499 500exit: 501 mbedtls_x509_crl_free( &crl ); 502} 503/* END_CASE */ 504 505/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */ 506void mbedtls_x509_csr_info( char * csr_file, char * result_str ) 507{ 508 mbedtls_x509_csr csr; 509 char buf[2000]; 510 int res; 511 512 mbedtls_x509_csr_init( &csr ); 513 memset( buf, 0, 2000 ); 514 515 TEST_ASSERT( mbedtls_x509_csr_parse_file( &csr, csr_file ) == 0 ); 516 res = mbedtls_x509_csr_info( buf, 2000, "", &csr ); 517 518 TEST_ASSERT( res != -1 ); 519 TEST_ASSERT( res != -2 ); 520 521 TEST_ASSERT( strcmp( buf, result_str ) == 0 ); 522 523exit: 524 mbedtls_x509_csr_free( &csr ); 525} 526/* END_CASE */ 527 528/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ 529void x509_verify_info( int flags, char * prefix, char * result_str ) 530{ 531 char buf[2000]; 532 int res; 533 534 memset( buf, 0, sizeof( buf ) ); 535 536 res = mbedtls_x509_crt_verify_info( buf, sizeof( buf ), prefix, flags ); 537 538 TEST_ASSERT( res >= 0 ); 539 540 TEST_ASSERT( strcmp( buf, result_str ) == 0 ); 541} 542/* END_CASE */ 543 544/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */ 545void x509_verify_restart( char *crt_file, char *ca_file, 546 int result, int flags_result, 547 int max_ops, int min_restart, int max_restart ) 548{ 549 int ret, cnt_restart; 550 mbedtls_x509_crt_restart_ctx rs_ctx; 551 mbedtls_x509_crt crt; 552 mbedtls_x509_crt ca; 553 uint32_t flags = 0; 554 555 /* 556 * See comments on ecp_test_vect_restart() for op count precision. 557 * 558 * For reference, with mbed TLS 2.6 and default settings: 559 * - ecdsa_verify() for P-256: ~ 6700 560 * - ecdsa_verify() for P-384: ~ 18800 561 * - x509_verify() for server5 -> test-ca2: ~ 18800 562 * - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500 563 */ 564 565 mbedtls_x509_crt_restart_init( &rs_ctx ); 566 mbedtls_x509_crt_init( &crt ); 567 mbedtls_x509_crt_init( &ca ); 568 569 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 570 TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 ); 571 572 mbedtls_ecp_set_max_ops( max_ops ); 573 574 cnt_restart = 0; 575 do { 576 ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL, 577 &mbedtls_x509_crt_profile_default, NULL, &flags, 578 NULL, NULL, &rs_ctx ); 579 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); 580 581 TEST_ASSERT( ret == result ); 582 TEST_ASSERT( flags == (uint32_t) flags_result ); 583 584 TEST_ASSERT( cnt_restart >= min_restart ); 585 TEST_ASSERT( cnt_restart <= max_restart ); 586 587 /* Do we leak memory when aborting? */ 588 ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL, 589 &mbedtls_x509_crt_profile_default, NULL, &flags, 590 NULL, NULL, &rs_ctx ); 591 TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 592 593exit: 594 mbedtls_x509_crt_restart_free( &rs_ctx ); 595 mbedtls_x509_crt_free( &crt ); 596 mbedtls_x509_crt_free( &ca ); 597} 598/* END_CASE */ 599 600/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */ 601void x509_verify( char *crt_file, char *ca_file, char *crl_file, 602 char *cn_name_str, int result, int flags_result, 603 char *profile_str, 604 char *verify_callback ) 605{ 606 mbedtls_x509_crt crt; 607 mbedtls_x509_crt ca; 608 mbedtls_x509_crl crl; 609 uint32_t flags = 0; 610 int res; 611 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL; 612 char * cn_name = NULL; 613 const mbedtls_x509_crt_profile *profile; 614 615 mbedtls_x509_crt_init( &crt ); 616 mbedtls_x509_crt_init( &ca ); 617 mbedtls_x509_crl_init( &crl ); 618 619 USE_PSA_INIT( ); 620 621 if( strcmp( cn_name_str, "NULL" ) != 0 ) 622 cn_name = cn_name_str; 623 624 if( strcmp( profile_str, "" ) == 0 ) 625 profile = &mbedtls_x509_crt_profile_default; 626 else if( strcmp( profile_str, "next" ) == 0 ) 627 profile = &mbedtls_x509_crt_profile_next; 628 else if( strcmp( profile_str, "suite_b" ) == 0 ) 629 profile = &mbedtls_x509_crt_profile_suiteb; 630 else if( strcmp( profile_str, "compat" ) == 0 ) 631 profile = &compat_profile; 632 else if( strcmp( profile_str, "all" ) == 0 ) 633 profile = &profile_all; 634 else 635 TEST_ASSERT( "Unknown algorithm profile" == 0 ); 636 637 if( strcmp( verify_callback, "NULL" ) == 0 ) 638 f_vrfy = NULL; 639 else if( strcmp( verify_callback, "verify_none" ) == 0 ) 640 f_vrfy = verify_none; 641 else if( strcmp( verify_callback, "verify_all" ) == 0 ) 642 f_vrfy = verify_all; 643 else 644 TEST_ASSERT( "No known verify callback selected" == 0 ); 645 646 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 647 TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 ); 648 TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 ); 649 650 res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL ); 651 652 TEST_ASSERT( res == ( result ) ); 653 TEST_ASSERT( flags == (uint32_t)( flags_result ) ); 654 655#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 656 /* CRLs aren't supported with CA callbacks, so skip the CA callback 657 * version of the test if CRLs are in use. */ 658 if( crl_file == NULL || strcmp( crl_file, "" ) == 0 ) 659 { 660 flags = 0; 661 662 res = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback, &ca, profile, cn_name, &flags, f_vrfy, NULL ); 663 664 TEST_ASSERT( res == ( result ) ); 665 TEST_ASSERT( flags == (uint32_t)( flags_result ) ); 666 } 667#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 668exit: 669 mbedtls_x509_crt_free( &crt ); 670 mbedtls_x509_crt_free( &ca ); 671 mbedtls_x509_crl_free( &crl ); 672 USE_PSA_DONE( ); 673} 674/* END_CASE */ 675 676/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 677void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name, 678 int exp_ret ) 679{ 680 int ret; 681 mbedtls_x509_crt crt; 682 mbedtls_x509_crt ca; 683 uint32_t flags = 0; 684 685 mbedtls_x509_crt_init( &crt ); 686 mbedtls_x509_crt_init( &ca ); 687 688 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 689 TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 ); 690 691 if( strcmp( name, "NULL" ) == 0 ) 692 name = NULL; 693 694 ret = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback_fail, &ca, 695 &compat_profile, name, &flags, 696 NULL, NULL ); 697 698 TEST_ASSERT( ret == exp_ret ); 699 TEST_ASSERT( flags == (uint32_t)( -1 ) ); 700exit: 701 mbedtls_x509_crt_free( &crt ); 702 mbedtls_x509_crt_free( &ca ); 703} 704/* END_CASE */ 705 706/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 707void x509_verify_callback( char *crt_file, char *ca_file, char *name, 708 int exp_ret, char *exp_vrfy_out ) 709{ 710 int ret; 711 mbedtls_x509_crt crt; 712 mbedtls_x509_crt ca; 713 uint32_t flags = 0; 714 verify_print_context vrfy_ctx; 715 716 mbedtls_x509_crt_init( &crt ); 717 mbedtls_x509_crt_init( &ca ); 718 verify_print_init( &vrfy_ctx ); 719 720 USE_PSA_INIT( ); 721 722 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 723 TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 ); 724 725 if( strcmp( name, "NULL" ) == 0 ) 726 name = NULL; 727 728 ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL, 729 &compat_profile, 730 name, &flags, 731 verify_print, &vrfy_ctx ); 732 733 TEST_ASSERT( ret == exp_ret ); 734 TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 ); 735 736exit: 737 mbedtls_x509_crt_free( &crt ); 738 mbedtls_x509_crt_free( &ca ); 739 USE_PSA_DONE( ); 740} 741/* END_CASE */ 742 743/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 744void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str ) 745{ 746 mbedtls_x509_crt crt; 747 char buf[2000]; 748 int res = 0; 749 750 mbedtls_x509_crt_init( &crt ); 751 memset( buf, 0, 2000 ); 752 753 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 754 if( strcmp( entity, "subject" ) == 0 ) 755 res = mbedtls_x509_dn_gets( buf, 2000, &crt.subject ); 756 else if( strcmp( entity, "issuer" ) == 0 ) 757 res = mbedtls_x509_dn_gets( buf, 2000, &crt.issuer ); 758 else 759 TEST_ASSERT( "Unknown entity" == 0 ); 760 761 TEST_ASSERT( res != -1 ); 762 TEST_ASSERT( res != -2 ); 763 764 TEST_ASSERT( strcmp( buf, result_str ) == 0 ); 765 766exit: 767 mbedtls_x509_crt_free( &crt ); 768} 769/* END_CASE */ 770 771/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 772void mbedtls_x509_time_is_past( char * crt_file, char * entity, int result ) 773{ 774 mbedtls_x509_crt crt; 775 776 mbedtls_x509_crt_init( &crt ); 777 778 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 779 780 if( strcmp( entity, "valid_from" ) == 0 ) 781 TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_from ) == result ); 782 else if( strcmp( entity, "valid_to" ) == 0 ) 783 TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_to ) == result ); 784 else 785 TEST_ASSERT( "Unknown entity" == 0 ); 786 787exit: 788 mbedtls_x509_crt_free( &crt ); 789} 790/* END_CASE */ 791 792/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 793void mbedtls_x509_time_is_future( char * crt_file, char * entity, int result ) 794{ 795 mbedtls_x509_crt crt; 796 797 mbedtls_x509_crt_init( &crt ); 798 799 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 800 801 if( strcmp( entity, "valid_from" ) == 0 ) 802 TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_from ) == result ); 803 else if( strcmp( entity, "valid_to" ) == 0 ) 804 TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_to ) == result ); 805 else 806 TEST_ASSERT( "Unknown entity" == 0 ); 807 808exit: 809 mbedtls_x509_crt_free( &crt ); 810} 811/* END_CASE */ 812 813/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ 814void x509parse_crt_file( char * crt_file, int result ) 815{ 816 mbedtls_x509_crt crt; 817 818 mbedtls_x509_crt_init( &crt ); 819 820 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == result ); 821 822exit: 823 mbedtls_x509_crt_free( &crt ); 824} 825/* END_CASE */ 826 827/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ 828void x509parse_crt( data_t * buf, char * result_str, int result ) 829{ 830 mbedtls_x509_crt crt; 831 unsigned char output[2000]; 832 int res; 833 834 mbedtls_x509_crt_init( &crt ); 835 memset( output, 0, 2000 ); 836 837 TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) ); 838 if( ( result ) == 0 ) 839 { 840 res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); 841 842 TEST_ASSERT( res != -1 ); 843 TEST_ASSERT( res != -2 ); 844 845 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); 846 } 847 848 mbedtls_x509_crt_free( &crt ); 849 mbedtls_x509_crt_init( &crt ); 850 memset( output, 0, 2000 ); 851 852 TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) ); 853 if( ( result ) == 0 ) 854 { 855 res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); 856 857 TEST_ASSERT( res != -1 ); 858 TEST_ASSERT( res != -2 ); 859 860 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); 861 } 862 863 mbedtls_x509_crt_free( &crt ); 864 mbedtls_x509_crt_init( &crt ); 865 memset( output, 0, 2000 ); 866 867 TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, NULL, NULL ) == ( result ) ); 868 if( ( result ) == 0 ) 869 { 870 res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); 871 872 TEST_ASSERT( res != -1 ); 873 TEST_ASSERT( res != -2 ); 874 875 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); 876 } 877 878 mbedtls_x509_crt_free( &crt ); 879 mbedtls_x509_crt_init( &crt ); 880 memset( output, 0, 2000 ); 881 882 TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, NULL, NULL ) == ( result ) ); 883 if( ( result ) == 0 ) 884 { 885 res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); 886 887 TEST_ASSERT( res != -1 ); 888 TEST_ASSERT( res != -2 ); 889 890 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); 891 } 892 893exit: 894 mbedtls_x509_crt_free( &crt ); 895} 896/* END_CASE */ 897 898/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ 899void x509parse_crt_cb( data_t * buf, char * result_str, int result ) 900{ 901 mbedtls_x509_crt crt; 902 mbedtls_x509_buf oid; 903 unsigned char output[2000]; 904 int res; 905 906 oid.tag = MBEDTLS_ASN1_OID; 907 oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKIX "\x01\x1F"); 908 oid.p = (unsigned char *)MBEDTLS_OID_PKIX "\x01\x1F"; 909 910 mbedtls_x509_crt_init( &crt ); 911 memset( output, 0, 2000 ); 912 913 TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb, &oid ) == ( result ) ); 914 if( ( result ) == 0 ) 915 { 916 res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); 917 918 TEST_ASSERT( res != -1 ); 919 TEST_ASSERT( res != -2 ); 920 921 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); 922 } 923 924 mbedtls_x509_crt_free( &crt ); 925 mbedtls_x509_crt_init( &crt ); 926 memset( output, 0, 2000 ); 927 928 TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb, &oid ) == ( result ) ); 929 if( ( result ) == 0 ) 930 { 931 res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); 932 933 TEST_ASSERT( res != -1 ); 934 TEST_ASSERT( res != -2 ); 935 936 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); 937 } 938 939exit: 940 mbedtls_x509_crt_free( &crt ); 941} 942/* END_CASE */ 943 944/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */ 945void x509parse_crl( data_t * buf, char * result_str, int result ) 946{ 947 mbedtls_x509_crl crl; 948 unsigned char output[2000]; 949 int res; 950 951 mbedtls_x509_crl_init( &crl ); 952 memset( output, 0, 2000 ); 953 954 955 TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf->x, buf->len ) == ( result ) ); 956 if( ( result ) == 0 ) 957 { 958 res = mbedtls_x509_crl_info( (char *) output, 2000, "", &crl ); 959 960 TEST_ASSERT( res != -1 ); 961 TEST_ASSERT( res != -2 ); 962 963 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); 964 } 965 966exit: 967 mbedtls_x509_crl_free( &crl ); 968} 969/* END_CASE */ 970 971/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */ 972void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret ) 973{ 974 mbedtls_x509_csr csr; 975 char my_out[1000]; 976 int my_ret; 977 978 mbedtls_x509_csr_init( &csr ); 979 memset( my_out, 0, sizeof( my_out ) ); 980 981 my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der->x, csr_der->len ); 982 TEST_ASSERT( my_ret == ref_ret ); 983 984 if( ref_ret == 0 ) 985 { 986 size_t my_out_len = mbedtls_x509_csr_info( my_out, sizeof( my_out ), "", &csr ); 987 TEST_ASSERT( my_out_len == strlen( ref_out ) ); 988 TEST_ASSERT( strcmp( my_out, ref_out ) == 0 ); 989 } 990 991exit: 992 mbedtls_x509_csr_free( &csr ); 993} 994/* END_CASE */ 995 996/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 997void mbedtls_x509_crt_parse_path( char * crt_path, int ret, int nb_crt ) 998{ 999 mbedtls_x509_crt chain, *cur; 1000 int i; 1001 1002 mbedtls_x509_crt_init( &chain ); 1003 1004 TEST_ASSERT( mbedtls_x509_crt_parse_path( &chain, crt_path ) == ret ); 1005 1006 /* Check how many certs we got */ 1007 for( i = 0, cur = &chain; cur != NULL; cur = cur->next ) 1008 if( cur->raw.p != NULL ) 1009 i++; 1010 1011 TEST_ASSERT( i == nb_crt ); 1012 1013exit: 1014 mbedtls_x509_crt_free( &chain ); 1015} 1016/* END_CASE */ 1017 1018/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 1019void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int, 1020 int ret_chk, int flags_chk ) 1021{ 1022 char file_buf[128]; 1023 int ret; 1024 uint32_t flags; 1025 mbedtls_x509_crt trusted, chain; 1026 1027 /* 1028 * We expect chain_dir to contain certificates 00.crt, 01.crt, etc. 1029 * with NN.crt signed by NN-1.crt 1030 */ 1031 1032 mbedtls_x509_crt_init( &trusted ); 1033 mbedtls_x509_crt_init( &chain ); 1034 1035 USE_PSA_INIT( ); 1036 1037 /* Load trusted root */ 1038 TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, ca_file ) == 0 ); 1039 1040 /* Load a chain with nb_int intermediates (from 01 to nb_int), 1041 * plus one "end-entity" cert (nb_int + 1) */ 1042 ret = mbedtls_snprintf( file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir, 1043 nb_int + 1 ); 1044 TEST_ASSERT( ret > 0 && (size_t) ret < sizeof file_buf ); 1045 TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, file_buf ) == 0 ); 1046 1047 /* Try to verify that chain */ 1048 ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags, 1049 NULL, NULL ); 1050 TEST_ASSERT( ret == ret_chk ); 1051 TEST_ASSERT( flags == (uint32_t) flags_chk ); 1052 1053exit: 1054 mbedtls_x509_crt_free( &chain ); 1055 mbedtls_x509_crt_free( &trusted ); 1056 USE_PSA_DONE( ); 1057} 1058/* END_CASE */ 1059 1060/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 1061void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, 1062 int flags_result, int result, 1063 char *profile_name, int vrfy_fatal_lvls ) 1064{ 1065 char* act; 1066 uint32_t flags; 1067 int res; 1068 mbedtls_x509_crt trusted, chain; 1069 const mbedtls_x509_crt_profile *profile = NULL; 1070 1071 mbedtls_x509_crt_init( &chain ); 1072 mbedtls_x509_crt_init( &trusted ); 1073 1074 USE_PSA_INIT( ); 1075 1076 while( ( act = mystrsep( &chain_paths, " " ) ) != NULL ) 1077 TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, act ) == 0 ); 1078 TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 ); 1079 1080 if( strcmp( profile_name, "" ) == 0 ) 1081 profile = &mbedtls_x509_crt_profile_default; 1082 else if( strcmp( profile_name, "next" ) == 0 ) 1083 profile = &mbedtls_x509_crt_profile_next; 1084 else if( strcmp( profile_name, "suiteb" ) == 0 ) 1085 profile = &mbedtls_x509_crt_profile_suiteb; 1086 else if( strcmp( profile_name, "rsa3072" ) == 0 ) 1087 profile = &profile_rsa3072; 1088 else if( strcmp( profile_name, "sha512" ) == 0 ) 1089 profile = &profile_sha512; 1090 1091 res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile, 1092 NULL, &flags, verify_fatal, &vrfy_fatal_lvls ); 1093 1094 TEST_ASSERT( res == ( result ) ); 1095 TEST_ASSERT( flags == (uint32_t)( flags_result ) ); 1096 1097exit: 1098 mbedtls_x509_crt_free( &trusted ); 1099 mbedtls_x509_crt_free( &chain ); 1100 USE_PSA_DONE( ); 1101} 1102/* END_CASE */ 1103 1104/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ 1105void x509_oid_desc( data_t * buf, char * ref_desc ) 1106{ 1107 mbedtls_x509_buf oid; 1108 const char *desc = NULL; 1109 int ret; 1110 1111 1112 oid.tag = MBEDTLS_ASN1_OID; 1113 oid.p = buf->x; 1114 oid.len = buf->len; 1115 1116 ret = mbedtls_oid_get_extended_key_usage( &oid, &desc ); 1117 1118 if( strcmp( ref_desc, "notfound" ) == 0 ) 1119 { 1120 TEST_ASSERT( ret != 0 ); 1121 TEST_ASSERT( desc == NULL ); 1122 } 1123 else 1124 { 1125 TEST_ASSERT( ret == 0 ); 1126 TEST_ASSERT( desc != NULL ); 1127 TEST_ASSERT( strcmp( desc, ref_desc ) == 0 ); 1128 } 1129} 1130/* END_CASE */ 1131 1132/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ 1133void x509_oid_numstr( data_t * oid_buf, char * numstr, int blen, int ret ) 1134{ 1135 mbedtls_x509_buf oid; 1136 char num_buf[100]; 1137 1138 memset( num_buf, 0x2a, sizeof num_buf ); 1139 1140 oid.tag = MBEDTLS_ASN1_OID; 1141 oid.p = oid_buf->x; 1142 oid.len = oid_buf->len; 1143 1144 TEST_ASSERT( (size_t) blen <= sizeof num_buf ); 1145 1146 TEST_ASSERT( mbedtls_oid_get_numeric_string( num_buf, blen, &oid ) == ret ); 1147 1148 if( ret >= 0 ) 1149 { 1150 TEST_ASSERT( num_buf[ret] == 0 ); 1151 TEST_ASSERT( strcmp( num_buf, numstr ) == 0 ); 1152 } 1153} 1154/* END_CASE */ 1155 1156/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */ 1157void x509_check_key_usage( char * crt_file, int usage, int ret ) 1158{ 1159 mbedtls_x509_crt crt; 1160 1161 mbedtls_x509_crt_init( &crt ); 1162 1163 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 1164 1165 TEST_ASSERT( mbedtls_x509_crt_check_key_usage( &crt, usage ) == ret ); 1166 1167exit: 1168 mbedtls_x509_crt_free( &crt ); 1169} 1170/* END_CASE */ 1171 1172/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ 1173void x509_check_extended_key_usage( char * crt_file, data_t * oid, int ret 1174 ) 1175{ 1176 mbedtls_x509_crt crt; 1177 1178 mbedtls_x509_crt_init( &crt ); 1179 1180 1181 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 1182 1183 TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, (const char *)oid->x, oid->len ) == ret ); 1184 1185exit: 1186 mbedtls_x509_crt_free( &crt ); 1187} 1188/* END_CASE */ 1189 1190/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ 1191void x509_get_time( int tag, char * time_str, int ret, int year, int mon, 1192 int day, int hour, int min, int sec ) 1193{ 1194 mbedtls_x509_time time; 1195 unsigned char buf[21]; 1196 unsigned char* start = buf; 1197 unsigned char* end = buf; 1198 1199 memset( &time, 0x00, sizeof( time ) ); 1200 *end = (unsigned char)tag; end++; 1201 *end = strlen( time_str ); 1202 TEST_ASSERT( *end < 20 ); 1203 end++; 1204 memcpy( end, time_str, (size_t)*(end - 1) ); 1205 end += *(end - 1); 1206 1207 TEST_ASSERT( mbedtls_x509_get_time( &start, end, &time ) == ret ); 1208 if( ret == 0 ) 1209 { 1210 TEST_ASSERT( year == time.year ); 1211 TEST_ASSERT( mon == time.mon ); 1212 TEST_ASSERT( day == time.day ); 1213 TEST_ASSERT( hour == time.hour ); 1214 TEST_ASSERT( min == time.min ); 1215 TEST_ASSERT( sec == time.sec ); 1216 } 1217} 1218/* END_CASE */ 1219 1220/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */ 1221void x509_parse_rsassa_pss_params( data_t * params, int params_tag, 1222 int ref_msg_md, int ref_mgf_md, 1223 int ref_salt_len, int ref_ret ) 1224{ 1225 int my_ret; 1226 mbedtls_x509_buf buf; 1227 mbedtls_md_type_t my_msg_md, my_mgf_md; 1228 int my_salt_len; 1229 1230 buf.p = params->x; 1231 buf.len = params->len; 1232 buf.tag = params_tag; 1233 1234 my_ret = mbedtls_x509_get_rsassa_pss_params( &buf, &my_msg_md, &my_mgf_md, 1235 &my_salt_len ); 1236 1237 TEST_ASSERT( my_ret == ref_ret ); 1238 1239 if( ref_ret == 0 ) 1240 { 1241 TEST_ASSERT( my_msg_md == (mbedtls_md_type_t) ref_msg_md ); 1242 TEST_ASSERT( my_mgf_md == (mbedtls_md_type_t) ref_mgf_md ); 1243 TEST_ASSERT( my_salt_len == ref_salt_len ); 1244 } 1245 1246exit: 1247 ;; 1248} 1249/* END_CASE */ 1250 1251/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */ 1252void x509_selftest( ) 1253{ 1254 TEST_ASSERT( mbedtls_x509_self_test( 1 ) == 0 ); 1255} 1256/* END_CASE */ 1257