1/* BEGIN_HEADER */ 2#include "mbedtls/bignum.h" 3#include "mbedtls/x509.h" 4#include "mbedtls/x509_crt.h" 5#include "mbedtls/x509_crl.h" 6#include "mbedtls/x509_csr.h" 7#include "mbedtls/pem.h" 8#include "mbedtls/oid.h" 9#include "mbedtls/base64.h" 10#include "mbedtls/error.h" 11#include "string.h" 12 13#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 14#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \ 15 than the current threshold 19. To test larger values, please \ 16 adapt the script tests/data_files/dir-max/long.sh." 17#endif 18 19/* Test-only profile allowing all digests, PK algorithms, and curves. */ 20const mbedtls_x509_crt_profile profile_all = 21{ 22 0xFFFFFFFF, /* Any MD */ 23 0xFFFFFFFF, /* Any PK alg */ 24 0xFFFFFFFF, /* Any curve */ 25 1024, 26}; 27 28/* Profile for backward compatibility. Allows SHA-1, unlike the default 29 profile. */ 30const mbedtls_x509_crt_profile compat_profile = 31{ 32 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1) | 33 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_RIPEMD160) | 34 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA224) | 35 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | 36 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | 37 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), 38 0xFFFFFFFF, /* Any PK alg */ 39 0xFFFFFFFF, /* Any curve */ 40 1024, 41}; 42 43const mbedtls_x509_crt_profile profile_rsa3072 = 44{ 45 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | 46 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | 47 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), 48 MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_RSA), 49 0, 50 3072, 51}; 52 53const mbedtls_x509_crt_profile profile_sha512 = 54{ 55 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), 56 0xFFFFFFFF, /* Any PK alg */ 57 0xFFFFFFFF, /* Any curve */ 58 1024, 59}; 60 61int verify_none(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) 62{ 63 ((void) data); 64 ((void) crt); 65 ((void) certificate_depth); 66 *flags |= MBEDTLS_X509_BADCERT_OTHER; 67 68 return 0; 69} 70 71int verify_all(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) 72{ 73 ((void) data); 74 ((void) crt); 75 ((void) certificate_depth); 76 *flags = 0; 77 78 return 0; 79} 80 81#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 82int ca_callback_fail(void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates) 83{ 84 ((void) data); 85 ((void) child); 86 ((void) candidates); 87 88 return -1; 89} 90 91int ca_callback(void *data, mbedtls_x509_crt const *child, 92 mbedtls_x509_crt **candidates) 93{ 94 int ret = 0; 95 mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; 96 mbedtls_x509_crt *first; 97 98 /* This is a test-only implementation of the CA callback 99 * which always returns the entire list of trusted certificates. 100 * Production implementations managing a large number of CAs 101 * should use an efficient presentation and lookup for the 102 * set of trusted certificates (such as a hashtable) and only 103 * return those trusted certificates which satisfy basic 104 * parental checks, such as the matching of child `Issuer` 105 * and parent `Subject` field. */ 106 ((void) child); 107 108 first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); 109 if (first == NULL) { 110 ret = -1; 111 goto exit; 112 } 113 mbedtls_x509_crt_init(first); 114 115 if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) { 116 ret = -1; 117 goto exit; 118 } 119 120 while (ca->next != NULL) { 121 ca = ca->next; 122 if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) { 123 ret = -1; 124 goto exit; 125 } 126 } 127 128exit: 129 130 if (ret != 0) { 131 mbedtls_x509_crt_free(first); 132 mbedtls_free(first); 133 first = NULL; 134 } 135 136 *candidates = first; 137 return ret; 138} 139#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 140 141int verify_fatal(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) 142{ 143 int *levels = (int *) data; 144 145 ((void) crt); 146 ((void) certificate_depth); 147 148 /* Simulate a fatal error in the callback */ 149 if (*levels & (1 << certificate_depth)) { 150 *flags |= (1 << certificate_depth); 151 return -1 - certificate_depth; 152 } 153 154 return 0; 155} 156 157/* strsep() not available on Windows */ 158char *mystrsep(char **stringp, const char *delim) 159{ 160 const char *p; 161 char *ret = *stringp; 162 163 if (*stringp == NULL) { 164 return NULL; 165 } 166 167 for (;; (*stringp)++) { 168 if (**stringp == '\0') { 169 *stringp = NULL; 170 goto done; 171 } 172 173 for (p = delim; *p != '\0'; p++) { 174 if (**stringp == *p) { 175 **stringp = '\0'; 176 (*stringp)++; 177 goto done; 178 } 179 } 180 } 181 182done: 183 return ret; 184} 185 186#if defined(MBEDTLS_X509_CRT_PARSE_C) 187typedef struct { 188 char buf[512]; 189 char *p; 190} verify_print_context; 191 192void verify_print_init(verify_print_context *ctx) 193{ 194 memset(ctx, 0, sizeof(verify_print_context)); 195 ctx->p = ctx->buf; 196} 197 198int verify_print(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) 199{ 200 int ret; 201 verify_print_context *ctx = (verify_print_context *) data; 202 char *p = ctx->p; 203 size_t n = ctx->buf + sizeof(ctx->buf) - ctx->p; 204 ((void) flags); 205 206 ret = mbedtls_snprintf(p, n, "depth %d - serial ", certificate_depth); 207 MBEDTLS_X509_SAFE_SNPRINTF; 208 209 ret = mbedtls_x509_serial_gets(p, n, &crt->serial); 210 MBEDTLS_X509_SAFE_SNPRINTF; 211 212 ret = mbedtls_snprintf(p, n, " - subject "); 213 MBEDTLS_X509_SAFE_SNPRINTF; 214 215 ret = mbedtls_x509_dn_gets(p, n, &crt->subject); 216 MBEDTLS_X509_SAFE_SNPRINTF; 217 218 ret = mbedtls_snprintf(p, n, " - flags 0x%08x\n", *flags); 219 MBEDTLS_X509_SAFE_SNPRINTF; 220 221 ctx->p = p; 222 223 return 0; 224} 225 226int verify_parse_san(mbedtls_x509_subject_alternative_name *san, 227 char **buf, size_t *size) 228{ 229 int ret; 230 size_t i; 231 char *p = *buf; 232 size_t n = *size; 233 234 ret = mbedtls_snprintf(p, n, "type : %d", san->type); 235 MBEDTLS_X509_SAFE_SNPRINTF; 236 237 switch (san->type) { 238 case (MBEDTLS_X509_SAN_OTHER_NAME): 239 ret = mbedtls_snprintf(p, n, "\notherName :"); 240 MBEDTLS_X509_SAFE_SNPRINTF; 241 242 if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, 243 &san->san.other_name.type_id) == 0) { 244 ret = mbedtls_snprintf(p, n, " hardware module name :"); 245 MBEDTLS_X509_SAFE_SNPRINTF; 246 ret = mbedtls_snprintf(p, n, " hardware type : "); 247 MBEDTLS_X509_SAFE_SNPRINTF; 248 249 ret = mbedtls_oid_get_numeric_string(p, 250 n, 251 &san->san.other_name.value.hardware_module_name.oid); 252 MBEDTLS_X509_SAFE_SNPRINTF; 253 254 ret = mbedtls_snprintf(p, n, ", hardware serial number : "); 255 MBEDTLS_X509_SAFE_SNPRINTF; 256 257 for (i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++) { 258 ret = mbedtls_snprintf(p, 259 n, 260 "%02X", 261 san->san.other_name.value.hardware_module_name.val.p[i]); 262 MBEDTLS_X509_SAFE_SNPRINTF; 263 } 264 } 265 break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */ 266 case (MBEDTLS_X509_SAN_DNS_NAME): 267 ret = mbedtls_snprintf(p, n, "\ndNSName : "); 268 MBEDTLS_X509_SAFE_SNPRINTF; 269 if (san->san.unstructured_name.len >= n) { 270 *p = '\0'; 271 return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; 272 } 273 n -= san->san.unstructured_name.len; 274 for (i = 0; i < san->san.unstructured_name.len; i++) { 275 *p++ = san->san.unstructured_name.p[i]; 276 } 277 break;/* MBEDTLS_X509_SAN_DNS_NAME */ 278 279 default: 280 /* 281 * Should not happen. 282 */ 283 return -1; 284 } 285 ret = mbedtls_snprintf(p, n, "\n"); 286 MBEDTLS_X509_SAFE_SNPRINTF; 287 288 *size = n; 289 *buf = p; 290 291 return 0; 292} 293 294int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, 295 int critical, const unsigned char *cp, const unsigned char *end) 296{ 297 (void) crt; 298 (void) critical; 299 mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *) p_ctx; 300 if (oid->tag == MBEDTLS_ASN1_OID && 301 MBEDTLS_OID_CMP(MBEDTLS_OID_CERTIFICATE_POLICIES, oid) == 0) { 302 /* Handle unknown certificate policy */ 303 int ret, parse_ret = 0; 304 size_t len; 305 unsigned char **p = (unsigned char **) &cp; 306 307 /* Get main sequence tag */ 308 ret = mbedtls_asn1_get_tag(p, end, &len, 309 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); 310 if (ret != 0) { 311 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 312 } 313 314 if (*p + len != end) { 315 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 316 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 317 } 318 319 /* 320 * Cannot be an empty sequence. 321 */ 322 if (len == 0) { 323 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 324 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 325 } 326 327 while (*p < end) { 328 const unsigned char *policy_end; 329 330 /* 331 * Get the policy sequence 332 */ 333 if ((ret = mbedtls_asn1_get_tag(p, end, &len, 334 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 335 0) { 336 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 337 } 338 339 policy_end = *p + len; 340 341 if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, 342 MBEDTLS_ASN1_OID)) != 0) { 343 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 344 } 345 346 /* 347 * Recognize exclusively the policy with OID 1 348 */ 349 if (len != 1 || *p[0] != 1) { 350 parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; 351 } 352 353 *p += len; 354 355 /* 356 * If there is an optional qualifier, then *p < policy_end 357 * Check the Qualifier len to verify it doesn't exceed policy_end. 358 */ 359 if (*p < policy_end) { 360 if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, 361 MBEDTLS_ASN1_CONSTRUCTED | 362 MBEDTLS_ASN1_SEQUENCE)) != 0) { 363 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 364 } 365 /* 366 * Skip the optional policy qualifiers. 367 */ 368 *p += len; 369 } 370 371 if (*p != policy_end) { 372 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 373 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 374 } 375 } 376 377 if (*p != end) { 378 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 379 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 380 } 381 382 return parse_ret; 383 } else if (new_oid != NULL && new_oid->tag == oid->tag && new_oid->len == oid->len && 384 memcmp(new_oid->p, oid->p, oid->len) == 0) { 385 return 0; 386 } else { 387 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 388 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 389 } 390} 391#endif /* MBEDTLS_X509_CRT_PARSE_C */ 392/* END_HEADER */ 393 394/* BEGIN_DEPENDENCIES 395 * depends_on:MBEDTLS_BIGNUM_C 396 * END_DEPENDENCIES 397 */ 398 399/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 400void x509_parse_san(char *crt_file, char *result_str) 401{ 402 int ret; 403 mbedtls_x509_crt crt; 404 mbedtls_x509_subject_alternative_name san; 405 mbedtls_x509_sequence *cur = NULL; 406 char buf[2000]; 407 char *p = buf; 408 size_t n = sizeof(buf); 409 410 mbedtls_x509_crt_init(&crt); 411 memset(buf, 0, 2000); 412 USE_PSA_INIT(); 413 414 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); 415 416 if (crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { 417 cur = &crt.subject_alt_names; 418 while (cur != NULL) { 419 ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san); 420 TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE); 421 /* 422 * If san type not supported, ignore. 423 */ 424 if (ret == 0) { 425 TEST_EQUAL(verify_parse_san(&san, &p, &n), 0); 426 } 427 cur = cur->next; 428 } 429 } 430 431 TEST_EQUAL(strcmp(buf, result_str), 0); 432 433exit: 434 435 mbedtls_x509_crt_free(&crt); 436 USE_PSA_DONE(); 437} 438/* END_CASE */ 439 440/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 441void x509_cert_info(char *crt_file, char *result_str) 442{ 443 mbedtls_x509_crt crt; 444 char buf[2000]; 445 int res; 446 447 mbedtls_x509_crt_init(&crt); 448 memset(buf, 0, 2000); 449 USE_PSA_INIT(); 450 451 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); 452 res = mbedtls_x509_crt_info(buf, 2000, "", &crt); 453 454 TEST_ASSERT(res != -1); 455 TEST_ASSERT(res != -2); 456 457 TEST_EQUAL(strcmp(buf, result_str), 0); 458 459exit: 460 mbedtls_x509_crt_free(&crt); 461 USE_PSA_DONE(); 462} 463/* END_CASE */ 464 465/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */ 466void mbedtls_x509_crl_info(char *crl_file, char *result_str) 467{ 468 mbedtls_x509_crl crl; 469 char buf[2000]; 470 int res; 471 472 mbedtls_x509_crl_init(&crl); 473 memset(buf, 0, 2000); 474 USE_PSA_INIT(); 475 476 TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0); 477 res = mbedtls_x509_crl_info(buf, 2000, "", &crl); 478 479 TEST_ASSERT(res != -1); 480 TEST_ASSERT(res != -2); 481 482 TEST_EQUAL(strcmp(buf, result_str), 0); 483 484exit: 485 mbedtls_x509_crl_free(&crl); 486 USE_PSA_DONE(); 487} 488/* END_CASE */ 489 490/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */ 491void mbedtls_x509_crl_parse(char *crl_file, int result) 492{ 493 mbedtls_x509_crl crl; 494 char buf[2000]; 495 496 mbedtls_x509_crl_init(&crl); 497 memset(buf, 0, 2000); 498 USE_PSA_INIT(); 499 500 TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), result); 501 502exit: 503 mbedtls_x509_crl_free(&crl); 504 USE_PSA_DONE(); 505} 506/* END_CASE */ 507 508/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */ 509void mbedtls_x509_csr_info(char *csr_file, char *result_str) 510{ 511 mbedtls_x509_csr csr; 512 char buf[2000]; 513 int res; 514 515 mbedtls_x509_csr_init(&csr); 516 memset(buf, 0, 2000); 517 USE_PSA_INIT(); 518 519 TEST_EQUAL(mbedtls_x509_csr_parse_file(&csr, csr_file), 0); 520 res = mbedtls_x509_csr_info(buf, 2000, "", &csr); 521 522 TEST_ASSERT(res != -1); 523 TEST_ASSERT(res != -2); 524 525 TEST_EQUAL(strcmp(buf, result_str), 0); 526 527exit: 528 mbedtls_x509_csr_free(&csr); 529 USE_PSA_DONE(); 530} 531/* END_CASE */ 532 533/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ 534void x509_verify_info(int flags, char *prefix, char *result_str) 535{ 536 char buf[2000]; 537 int res; 538 539 USE_PSA_INIT(); 540 memset(buf, 0, sizeof(buf)); 541 542 res = mbedtls_x509_crt_verify_info(buf, sizeof(buf), prefix, flags); 543 544 TEST_ASSERT(res >= 0); 545 546 TEST_EQUAL(strcmp(buf, result_str), 0); 547 548exit: 549 USE_PSA_DONE(); 550} 551/* END_CASE */ 552 553/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */ 554void x509_verify_restart(char *crt_file, char *ca_file, 555 int result, int flags_result, 556 int max_ops, int min_restart, int max_restart) 557{ 558 int ret, cnt_restart; 559 mbedtls_x509_crt_restart_ctx rs_ctx; 560 mbedtls_x509_crt crt; 561 mbedtls_x509_crt ca; 562 uint32_t flags = 0; 563 564 /* 565 * See comments on ecp_test_vect_restart() for op count precision. 566 * 567 * For reference, with Mbed TLS 2.6 and default settings: 568 * - ecdsa_verify() for P-256: ~ 6700 569 * - ecdsa_verify() for P-384: ~ 18800 570 * - x509_verify() for server5 -> test-ca2: ~ 18800 571 * - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500 572 */ 573 mbedtls_x509_crt_restart_init(&rs_ctx); 574 mbedtls_x509_crt_init(&crt); 575 mbedtls_x509_crt_init(&ca); 576 USE_PSA_INIT(); 577 578 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); 579 TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); 580 581 mbedtls_ecp_set_max_ops(max_ops); 582 583 cnt_restart = 0; 584 do { 585 ret = mbedtls_x509_crt_verify_restartable(&crt, &ca, NULL, 586 &mbedtls_x509_crt_profile_default, NULL, &flags, 587 NULL, NULL, &rs_ctx); 588 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 589 590 TEST_EQUAL(ret, result); 591 TEST_EQUAL(flags, (uint32_t) flags_result); 592 593 TEST_ASSERT(cnt_restart >= min_restart); 594 TEST_ASSERT(cnt_restart <= max_restart); 595 596 /* Do we leak memory when aborting? */ 597 ret = mbedtls_x509_crt_verify_restartable(&crt, &ca, NULL, 598 &mbedtls_x509_crt_profile_default, NULL, &flags, 599 NULL, NULL, &rs_ctx); 600 TEST_ASSERT(ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS); 601 602exit: 603 mbedtls_x509_crt_restart_free(&rs_ctx); 604 mbedtls_x509_crt_free(&crt); 605 mbedtls_x509_crt_free(&ca); 606 USE_PSA_DONE(); 607} 608/* END_CASE */ 609 610/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */ 611void x509_verify(char *crt_file, char *ca_file, char *crl_file, 612 char *cn_name_str, int result, int flags_result, 613 char *profile_str, 614 char *verify_callback) 615{ 616 mbedtls_x509_crt crt; 617 mbedtls_x509_crt ca; 618 mbedtls_x509_crl crl; 619 uint32_t flags = 0; 620 int res; 621 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL; 622 char *cn_name = NULL; 623 const mbedtls_x509_crt_profile *profile; 624 625 mbedtls_x509_crt_init(&crt); 626 mbedtls_x509_crt_init(&ca); 627 mbedtls_x509_crl_init(&crl); 628 629 USE_PSA_INIT(); 630 631 if (strcmp(cn_name_str, "NULL") != 0) { 632 cn_name = cn_name_str; 633 } 634 635 if (strcmp(profile_str, "") == 0) { 636 profile = &mbedtls_x509_crt_profile_default; 637 } else if (strcmp(profile_str, "next") == 0) { 638 profile = &mbedtls_x509_crt_profile_next; 639 } else if (strcmp(profile_str, "suite_b") == 0) { 640 profile = &mbedtls_x509_crt_profile_suiteb; 641 } else if (strcmp(profile_str, "compat") == 0) { 642 profile = &compat_profile; 643 } else if (strcmp(profile_str, "all") == 0) { 644 profile = &profile_all; 645 } else { 646 TEST_ASSERT("Unknown algorithm profile" == 0); 647 } 648 649 if (strcmp(verify_callback, "NULL") == 0) { 650 f_vrfy = NULL; 651 } else if (strcmp(verify_callback, "verify_none") == 0) { 652 f_vrfy = verify_none; 653 } else if (strcmp(verify_callback, "verify_all") == 0) { 654 f_vrfy = verify_all; 655 } else { 656 TEST_ASSERT("No known verify callback selected" == 0); 657 } 658 659 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); 660 TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); 661 TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0); 662 663 res = mbedtls_x509_crt_verify_with_profile(&crt, 664 &ca, 665 &crl, 666 profile, 667 cn_name, 668 &flags, 669 f_vrfy, 670 NULL); 671 672 TEST_EQUAL(res, (result)); 673 TEST_EQUAL(flags, (uint32_t) (flags_result)); 674 675#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 676 /* CRLs aren't supported with CA callbacks, so skip the CA callback 677 * version of the test if CRLs are in use. */ 678 if (crl_file == NULL || strcmp(crl_file, "") == 0) { 679 flags = 0; 680 681 res = mbedtls_x509_crt_verify_with_ca_cb(&crt, 682 ca_callback, 683 &ca, 684 profile, 685 cn_name, 686 &flags, 687 f_vrfy, 688 NULL); 689 690 TEST_EQUAL(res, result); 691 TEST_EQUAL(flags, (uint32_t) (flags_result)); 692 } 693#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 694exit: 695 mbedtls_x509_crt_free(&crt); 696 mbedtls_x509_crt_free(&ca); 697 mbedtls_x509_crl_free(&crl); 698 USE_PSA_DONE(); 699} 700/* END_CASE */ 701 702/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 703void x509_verify_ca_cb_failure(char *crt_file, char *ca_file, char *name, 704 int exp_ret) 705{ 706 int ret; 707 mbedtls_x509_crt crt; 708 mbedtls_x509_crt ca; 709 uint32_t flags = 0; 710 711 mbedtls_x509_crt_init(&crt); 712 mbedtls_x509_crt_init(&ca); 713 USE_PSA_INIT(); 714 715 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); 716 TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); 717 718 if (strcmp(name, "NULL") == 0) { 719 name = NULL; 720 } 721 722 ret = mbedtls_x509_crt_verify_with_ca_cb(&crt, ca_callback_fail, &ca, 723 &compat_profile, name, &flags, 724 NULL, NULL); 725 726 TEST_EQUAL(ret, exp_ret); 727 TEST_EQUAL(flags, (uint32_t) (-1)); 728exit: 729 mbedtls_x509_crt_free(&crt); 730 mbedtls_x509_crt_free(&ca); 731 USE_PSA_DONE(); 732} 733/* END_CASE */ 734 735/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 736void x509_verify_callback(char *crt_file, char *ca_file, char *name, 737 int exp_ret, char *exp_vrfy_out) 738{ 739 int ret; 740 mbedtls_x509_crt crt; 741 mbedtls_x509_crt ca; 742 uint32_t flags = 0; 743 verify_print_context vrfy_ctx; 744 745 mbedtls_x509_crt_init(&crt); 746 mbedtls_x509_crt_init(&ca); 747 verify_print_init(&vrfy_ctx); 748 749 USE_PSA_INIT(); 750 751 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); 752 TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); 753 754 if (strcmp(name, "NULL") == 0) { 755 name = NULL; 756 } 757 758 ret = mbedtls_x509_crt_verify_with_profile(&crt, &ca, NULL, 759 &compat_profile, 760 name, &flags, 761 verify_print, &vrfy_ctx); 762 763 TEST_EQUAL(ret, exp_ret); 764 TEST_EQUAL(strcmp(vrfy_ctx.buf, exp_vrfy_out), 0); 765 766exit: 767 mbedtls_x509_crt_free(&crt); 768 mbedtls_x509_crt_free(&ca); 769 USE_PSA_DONE(); 770} 771/* END_CASE */ 772 773/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 774void mbedtls_x509_dn_gets(char *crt_file, char *entity, char *result_str) 775{ 776 mbedtls_x509_crt crt; 777 char buf[2000]; 778 int res = 0; 779 780 mbedtls_x509_crt_init(&crt); 781 memset(buf, 0, 2000); 782 USE_PSA_INIT(); 783 784 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); 785 if (strcmp(entity, "subject") == 0) { 786 res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject); 787 } else if (strcmp(entity, "issuer") == 0) { 788 res = mbedtls_x509_dn_gets(buf, 2000, &crt.issuer); 789 } else { 790 TEST_ASSERT("Unknown entity" == 0); 791 } 792 793 TEST_ASSERT(res != -1); 794 TEST_ASSERT(res != -2); 795 796 TEST_EQUAL(strcmp(buf, result_str), 0); 797 798exit: 799 mbedtls_x509_crt_free(&crt); 800 USE_PSA_DONE(); 801} 802/* END_CASE */ 803 804/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ 805void mbedtls_x509_dn_gets_subject_replace(char *crt_file, 806 char *new_subject_ou, 807 char *result_str, 808 int ret) 809{ 810 mbedtls_x509_crt crt; 811 char buf[2000]; 812 int res = 0; 813 814 mbedtls_x509_crt_init(&crt); 815 memset(buf, 0, 2000); 816 USE_PSA_INIT(); 817 818 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); 819 crt.subject.next->val.p = (unsigned char *) new_subject_ou; 820 crt.subject.next->val.len = strlen(new_subject_ou); 821 822 res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject); 823 824 if (ret != 0) { 825 TEST_EQUAL(res, ret); 826 } else { 827 TEST_ASSERT(res != -1); 828 TEST_ASSERT(res != -2); 829 TEST_EQUAL(strcmp(buf, result_str), 0); 830 } 831exit: 832 mbedtls_x509_crt_free(&crt); 833 USE_PSA_DONE(); 834} 835/* END_CASE */ 836 837/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ 838void mbedtls_x509_get_name(char *rdn_sequence, int exp_ret) 839{ 840 unsigned char *name = NULL; 841 unsigned char *p; 842 size_t name_len; 843 mbedtls_x509_name head; 844 mbedtls_x509_name *allocated, *prev; 845 int ret; 846 847 USE_PSA_INIT(); 848 memset(&head, 0, sizeof(head)); 849 850 name = mbedtls_test_unhexify_alloc(rdn_sequence, &name_len); 851 p = name; 852 853 ret = mbedtls_x509_get_name(&p, (name + name_len), &head); 854 if (ret == 0) { 855 allocated = head.next; 856 857 while (allocated != NULL) { 858 prev = allocated; 859 allocated = allocated->next; 860 861 mbedtls_free(prev); 862 } 863 } 864 865 TEST_EQUAL(ret, exp_ret); 866 867 mbedtls_free(name); 868 869exit: 870 USE_PSA_DONE(); 871} 872/* END_CASE */ 873 874/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 875void mbedtls_x509_time_is_past(char *crt_file, char *entity, int result) 876{ 877 mbedtls_x509_crt crt; 878 879 mbedtls_x509_crt_init(&crt); 880 USE_PSA_INIT(); 881 882 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); 883 884 if (strcmp(entity, "valid_from") == 0) { 885 TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_from), result); 886 } else if (strcmp(entity, "valid_to") == 0) { 887 TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_to), result); 888 } else { 889 TEST_ASSERT("Unknown entity" == 0); 890 } 891 892exit: 893 mbedtls_x509_crt_free(&crt); 894 USE_PSA_DONE(); 895} 896/* END_CASE */ 897 898/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 899void mbedtls_x509_time_is_future(char *crt_file, char *entity, int result) 900{ 901 mbedtls_x509_crt crt; 902 903 mbedtls_x509_crt_init(&crt); 904 USE_PSA_INIT(); 905 906 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); 907 908 if (strcmp(entity, "valid_from") == 0) { 909 TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_from), result); 910 } else if (strcmp(entity, "valid_to") == 0) { 911 TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_to), result); 912 } else { 913 TEST_ASSERT("Unknown entity" == 0); 914 } 915 916exit: 917 mbedtls_x509_crt_free(&crt); 918 USE_PSA_DONE(); 919} 920/* END_CASE */ 921 922/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ 923void x509parse_crt_file(char *crt_file, int result) 924{ 925 mbedtls_x509_crt crt; 926 927 mbedtls_x509_crt_init(&crt); 928 USE_PSA_INIT(); 929 930 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), result); 931 932exit: 933 mbedtls_x509_crt_free(&crt); 934 USE_PSA_DONE(); 935} 936/* END_CASE */ 937 938/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ 939void x509parse_crt(data_t *buf, char *result_str, int result) 940{ 941 mbedtls_x509_crt crt; 942 unsigned char output[2000]; 943 int res; 944 945 mbedtls_x509_crt_init(&crt); 946 memset(output, 0, 2000); 947 USE_PSA_INIT(); 948 949 TEST_EQUAL(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len), result); 950 if ((result) == 0) { 951 res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); 952 953 TEST_ASSERT(res != -1); 954 TEST_ASSERT(res != -2); 955 956 TEST_EQUAL(strcmp((char *) output, result_str), 0); 957 } 958 959 mbedtls_x509_crt_free(&crt); 960 mbedtls_x509_crt_init(&crt); 961 memset(output, 0, 2000); 962 963 TEST_EQUAL(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len), result); 964 if ((result) == 0) { 965 res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); 966 967 TEST_ASSERT(res != -1); 968 TEST_ASSERT(res != -2); 969 970 TEST_EQUAL(strcmp((char *) output, result_str), 0); 971 } 972 973 mbedtls_x509_crt_free(&crt); 974 mbedtls_x509_crt_init(&crt); 975 memset(output, 0, 2000); 976 977 TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL), 978 result); 979 if ((result) == 0) { 980 res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); 981 982 TEST_ASSERT(res != -1); 983 TEST_ASSERT(res != -2); 984 985 TEST_EQUAL(strcmp((char *) output, result_str), 0); 986 } 987 988 mbedtls_x509_crt_free(&crt); 989 mbedtls_x509_crt_init(&crt); 990 memset(output, 0, 2000); 991 992 TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL), 993 result); 994 if ((result) == 0) { 995 res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); 996 997 TEST_ASSERT(res != -1); 998 TEST_ASSERT(res != -2); 999 1000 TEST_EQUAL(strcmp((char *) output, result_str), 0); 1001 } 1002 1003exit: 1004 mbedtls_x509_crt_free(&crt); 1005 USE_PSA_DONE(); 1006} 1007/* END_CASE */ 1008 1009/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ 1010void x509parse_crt_cb(data_t *buf, char *result_str, int result) 1011{ 1012 mbedtls_x509_crt crt; 1013 mbedtls_x509_buf oid; 1014 unsigned char output[2000]; 1015 int res; 1016 1017 oid.tag = MBEDTLS_ASN1_OID; 1018 oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKIX "\x01\x1F"); 1019 oid.p = (unsigned char *) MBEDTLS_OID_PKIX "\x01\x1F"; 1020 1021 mbedtls_x509_crt_init(&crt); 1022 memset(output, 0, 2000); 1023 USE_PSA_INIT(); 1024 1025 TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb, 1026 &oid), result); 1027 if ((result) == 0) { 1028 res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); 1029 1030 TEST_ASSERT(res != -1); 1031 TEST_ASSERT(res != -2); 1032 1033 TEST_EQUAL(strcmp((char *) output, result_str), 0); 1034 } 1035 1036 mbedtls_x509_crt_free(&crt); 1037 mbedtls_x509_crt_init(&crt); 1038 memset(output, 0, 2000); 1039 1040 TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb, 1041 &oid), (result)); 1042 if ((result) == 0) { 1043 res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); 1044 1045 TEST_ASSERT(res != -1); 1046 TEST_ASSERT(res != -2); 1047 1048 TEST_EQUAL(strcmp((char *) output, result_str), 0); 1049 } 1050 1051exit: 1052 mbedtls_x509_crt_free(&crt); 1053 USE_PSA_DONE(); 1054} 1055/* END_CASE */ 1056 1057/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */ 1058void x509parse_crl(data_t *buf, char *result_str, int result) 1059{ 1060 mbedtls_x509_crl crl; 1061 unsigned char output[2000]; 1062 int res; 1063 1064 mbedtls_x509_crl_init(&crl); 1065 memset(output, 0, 2000); 1066 USE_PSA_INIT(); 1067 1068 TEST_EQUAL(mbedtls_x509_crl_parse(&crl, buf->x, buf->len), (result)); 1069 if ((result) == 0) { 1070 res = mbedtls_x509_crl_info((char *) output, 2000, "", &crl); 1071 1072 TEST_ASSERT(res != -1); 1073 TEST_ASSERT(res != -2); 1074 1075 TEST_EQUAL(strcmp((char *) output, result_str), 0); 1076 } 1077 1078exit: 1079 mbedtls_x509_crl_free(&crl); 1080 USE_PSA_DONE(); 1081} 1082/* END_CASE */ 1083 1084/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */ 1085void mbedtls_x509_csr_parse(data_t *csr_der, char *ref_out, int ref_ret) 1086{ 1087 mbedtls_x509_csr csr; 1088 char my_out[1000]; 1089 int my_ret; 1090 1091 mbedtls_x509_csr_init(&csr); 1092 memset(my_out, 0, sizeof(my_out)); 1093 USE_PSA_INIT(); 1094 1095 my_ret = mbedtls_x509_csr_parse_der(&csr, csr_der->x, csr_der->len); 1096 TEST_EQUAL(my_ret, ref_ret); 1097 1098 if (ref_ret == 0) { 1099 size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr); 1100 TEST_EQUAL(my_out_len, strlen(ref_out)); 1101 TEST_EQUAL(strcmp(my_out, ref_out), 0); 1102 } 1103 1104exit: 1105 mbedtls_x509_csr_free(&csr); 1106 USE_PSA_DONE(); 1107} 1108/* END_CASE */ 1109 1110/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 1111void mbedtls_x509_crt_parse_file(char *crt_path, int ret, int nb_crt) 1112{ 1113 mbedtls_x509_crt chain, *cur; 1114 int i; 1115 1116 mbedtls_x509_crt_init(&chain); 1117 USE_PSA_INIT(); 1118 1119 TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, crt_path), ret); 1120 1121 /* Check how many certs we got */ 1122 for (i = 0, cur = &chain; cur != NULL; cur = cur->next) { 1123 if (cur->raw.p != NULL) { 1124 i++; 1125 } 1126 } 1127 1128 TEST_EQUAL(i, nb_crt); 1129 1130exit: 1131 mbedtls_x509_crt_free(&chain); 1132 USE_PSA_DONE(); 1133} 1134/* END_CASE */ 1135 1136/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 1137void mbedtls_x509_crt_parse_path(char *crt_path, int ret, int nb_crt) 1138{ 1139 mbedtls_x509_crt chain, *cur; 1140 int i; 1141 1142 mbedtls_x509_crt_init(&chain); 1143 USE_PSA_INIT(); 1144 1145 TEST_EQUAL(mbedtls_x509_crt_parse_path(&chain, crt_path), ret); 1146 1147 /* Check how many certs we got */ 1148 for (i = 0, cur = &chain; cur != NULL; cur = cur->next) { 1149 if (cur->raw.p != NULL) { 1150 i++; 1151 } 1152 } 1153 1154 TEST_EQUAL(i, nb_crt); 1155 1156exit: 1157 mbedtls_x509_crt_free(&chain); 1158 USE_PSA_DONE(); 1159} 1160/* END_CASE */ 1161 1162/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 1163void mbedtls_x509_crt_verify_max(char *ca_file, char *chain_dir, int nb_int, 1164 int ret_chk, int flags_chk) 1165{ 1166 char file_buf[128]; 1167 int ret; 1168 uint32_t flags; 1169 mbedtls_x509_crt trusted, chain; 1170 1171 /* 1172 * We expect chain_dir to contain certificates 00.crt, 01.crt, etc. 1173 * with NN.crt signed by NN-1.crt 1174 */ 1175 mbedtls_x509_crt_init(&trusted); 1176 mbedtls_x509_crt_init(&chain); 1177 USE_PSA_INIT(); 1178 1179 /* Load trusted root */ 1180 TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, ca_file), 0); 1181 1182 /* Load a chain with nb_int intermediates (from 01 to nb_int), 1183 * plus one "end-entity" cert (nb_int + 1) */ 1184 ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir, 1185 nb_int + 1); 1186 TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf)); 1187 TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, file_buf), 0); 1188 1189 /* Try to verify that chain */ 1190 ret = mbedtls_x509_crt_verify(&chain, &trusted, NULL, NULL, &flags, 1191 NULL, NULL); 1192 TEST_EQUAL(ret, ret_chk); 1193 TEST_EQUAL(flags, (uint32_t) flags_chk); 1194 1195exit: 1196 mbedtls_x509_crt_free(&chain); 1197 mbedtls_x509_crt_free(&trusted); 1198 USE_PSA_DONE(); 1199} 1200/* END_CASE */ 1201 1202/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 1203void mbedtls_x509_crt_verify_chain(char *chain_paths, char *trusted_ca, 1204 int flags_result, int result, 1205 char *profile_name, int vrfy_fatal_lvls) 1206{ 1207 char *act; 1208 uint32_t flags; 1209 int res; 1210 mbedtls_x509_crt trusted, chain; 1211 const mbedtls_x509_crt_profile *profile = NULL; 1212 1213 mbedtls_x509_crt_init(&chain); 1214 mbedtls_x509_crt_init(&trusted); 1215 USE_PSA_INIT(); 1216 1217 while ((act = mystrsep(&chain_paths, " ")) != NULL) { 1218 TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, act), 0); 1219 } 1220 TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, trusted_ca), 0); 1221 1222 if (strcmp(profile_name, "") == 0) { 1223 profile = &mbedtls_x509_crt_profile_default; 1224 } else if (strcmp(profile_name, "next") == 0) { 1225 profile = &mbedtls_x509_crt_profile_next; 1226 } else if (strcmp(profile_name, "suiteb") == 0) { 1227 profile = &mbedtls_x509_crt_profile_suiteb; 1228 } else if (strcmp(profile_name, "rsa3072") == 0) { 1229 profile = &profile_rsa3072; 1230 } else if (strcmp(profile_name, "sha512") == 0) { 1231 profile = &profile_sha512; 1232 } 1233 1234 res = mbedtls_x509_crt_verify_with_profile(&chain, &trusted, NULL, profile, 1235 NULL, &flags, verify_fatal, &vrfy_fatal_lvls); 1236 1237 TEST_EQUAL(res, (result)); 1238 TEST_EQUAL(flags, (uint32_t) (flags_result)); 1239 1240exit: 1241 mbedtls_x509_crt_free(&trusted); 1242 mbedtls_x509_crt_free(&chain); 1243 USE_PSA_DONE(); 1244} 1245/* END_CASE */ 1246 1247/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ 1248void x509_oid_desc(data_t *buf, char *ref_desc) 1249{ 1250 mbedtls_x509_buf oid; 1251 const char *desc = NULL; 1252 int ret; 1253 1254 USE_PSA_INIT(); 1255 oid.tag = MBEDTLS_ASN1_OID; 1256 oid.p = buf->x; 1257 oid.len = buf->len; 1258 1259 ret = mbedtls_oid_get_extended_key_usage(&oid, &desc); 1260 1261 if (strcmp(ref_desc, "notfound") == 0) { 1262 TEST_ASSERT(ret != 0); 1263 TEST_ASSERT(desc == NULL); 1264 } else { 1265 TEST_EQUAL(ret, 0); 1266 TEST_ASSERT(desc != NULL); 1267 TEST_EQUAL(strcmp(desc, ref_desc), 0); 1268 } 1269 1270exit: 1271 USE_PSA_DONE(); 1272} 1273/* END_CASE */ 1274 1275/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ 1276void x509_oid_numstr(data_t *oid_buf, char *numstr, int blen, int ret) 1277{ 1278 mbedtls_x509_buf oid; 1279 char num_buf[100]; 1280 1281 USE_PSA_INIT(); 1282 memset(num_buf, 0x2a, sizeof(num_buf)); 1283 1284 oid.tag = MBEDTLS_ASN1_OID; 1285 oid.p = oid_buf->x; 1286 oid.len = oid_buf->len; 1287 1288 TEST_ASSERT((size_t) blen <= sizeof(num_buf)); 1289 1290 TEST_EQUAL(mbedtls_oid_get_numeric_string(num_buf, blen, &oid), ret); 1291 1292 if (ret >= 0) { 1293 TEST_EQUAL(num_buf[ret], 0); 1294 TEST_EQUAL(strcmp(num_buf, numstr), 0); 1295 } 1296 1297exit: 1298 USE_PSA_DONE(); 1299} 1300/* END_CASE */ 1301 1302/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */ 1303void x509_check_key_usage(char *crt_file, int usage, int ret) 1304{ 1305 mbedtls_x509_crt crt; 1306 1307 mbedtls_x509_crt_init(&crt); 1308 USE_PSA_INIT(); 1309 1310 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); 1311 1312 TEST_EQUAL(mbedtls_x509_crt_check_key_usage(&crt, usage), ret); 1313 1314exit: 1315 mbedtls_x509_crt_free(&crt); 1316 USE_PSA_DONE(); 1317} 1318/* END_CASE */ 1319 1320/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ 1321void x509_check_extended_key_usage(char *crt_file, data_t *oid, int ret 1322 ) 1323{ 1324 mbedtls_x509_crt crt; 1325 1326 mbedtls_x509_crt_init(&crt); 1327 USE_PSA_INIT(); 1328 1329 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); 1330 1331 TEST_EQUAL(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x, oid->len), 1332 ret); 1333 1334exit: 1335 mbedtls_x509_crt_free(&crt); 1336 USE_PSA_DONE(); 1337} 1338/* END_CASE */ 1339 1340/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ 1341void x509_get_time(int tag, char *time_str, int ret, int year, int mon, 1342 int day, int hour, int min, int sec) 1343{ 1344 mbedtls_x509_time time; 1345 unsigned char buf[21]; 1346 unsigned char *start = buf; 1347 unsigned char *end = buf; 1348 1349 USE_PSA_INIT(); 1350 memset(&time, 0x00, sizeof(time)); 1351 *end = (unsigned char) tag; end++; 1352 *end = strlen(time_str); 1353 TEST_ASSERT(*end < 20); 1354 end++; 1355 memcpy(end, time_str, (size_t) *(end - 1)); 1356 end += *(end - 1); 1357 1358 TEST_EQUAL(mbedtls_x509_get_time(&start, end, &time), ret); 1359 if (ret == 0) { 1360 TEST_EQUAL(year, time.year); 1361 TEST_EQUAL(mon, time.mon); 1362 TEST_EQUAL(day, time.day); 1363 TEST_EQUAL(hour, time.hour); 1364 TEST_EQUAL(min, time.min); 1365 TEST_EQUAL(sec, time.sec); 1366 } 1367 1368exit: 1369 USE_PSA_DONE(); 1370} 1371/* END_CASE */ 1372 1373/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */ 1374void x509_parse_rsassa_pss_params(data_t *params, int params_tag, 1375 int ref_msg_md, int ref_mgf_md, 1376 int ref_salt_len, int ref_ret) 1377{ 1378 int my_ret; 1379 mbedtls_x509_buf buf; 1380 mbedtls_md_type_t my_msg_md, my_mgf_md; 1381 int my_salt_len; 1382 1383 USE_PSA_INIT(); 1384 1385 buf.p = params->x; 1386 buf.len = params->len; 1387 buf.tag = params_tag; 1388 1389 my_ret = mbedtls_x509_get_rsassa_pss_params(&buf, &my_msg_md, &my_mgf_md, 1390 &my_salt_len); 1391 1392 TEST_EQUAL(my_ret, ref_ret); 1393 1394 if (ref_ret == 0) { 1395 TEST_EQUAL(my_msg_md, (mbedtls_md_type_t) ref_msg_md); 1396 TEST_EQUAL(my_mgf_md, (mbedtls_md_type_t) ref_mgf_md); 1397 TEST_EQUAL(my_salt_len, ref_salt_len); 1398 } 1399 1400exit: 1401 USE_PSA_DONE(); 1402} 1403/* END_CASE */ 1404 1405/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */ 1406void x509_selftest() 1407{ 1408 USE_PSA_INIT(); 1409 TEST_EQUAL(mbedtls_x509_self_test(1), 0); 1410 1411exit: 1412 USE_PSA_DONE(); 1413} 1414/* END_CASE */ 1415