Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 5bd814a..a21ad47 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -11,67 +11,64 @@
#include "mbedtls/legacy_or_psa.h"
#if defined(MBEDTLS_RSA_C)
-int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen,
- const unsigned char *input, unsigned char *output,
- size_t output_max_len )
+int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
+ const unsigned char *input, unsigned char *output,
+ size_t output_max_len)
{
- return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL,
- olen, input, output, output_max_len ) );
+ return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL,
+ olen, input, output, output_max_len);
}
-int mbedtls_rsa_sign_func( void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_md_type_t md_alg, unsigned int hashlen,
- const unsigned char *hash, unsigned char *sig )
+int mbedtls_rsa_sign_func(void *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_md_type_t md_alg, unsigned int hashlen,
+ const unsigned char *hash, unsigned char *sig)
{
- return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng,
- md_alg, hashlen, hash, sig ) );
+ return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng,
+ md_alg, hashlen, hash, sig);
}
-size_t mbedtls_rsa_key_len_func( void *ctx )
+size_t mbedtls_rsa_key_len_func(void *ctx)
{
- return( ((const mbedtls_rsa_context *) ctx)->len );
+ return ((const mbedtls_rsa_context *) ctx)->len;
}
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C)
-static int x509_crt_verifycsr( const unsigned char *buf, size_t buflen )
+static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen)
{
unsigned char hash[PSA_HASH_MAX_SIZE];
mbedtls_x509_csr csr;
int ret = 0;
- mbedtls_x509_csr_init( &csr );
+ mbedtls_x509_csr_init(&csr);
- if( mbedtls_x509_csr_parse( &csr, buf, buflen ) != 0 )
- {
+ if (mbedtls_x509_csr_parse(&csr, buf, buflen) != 0) {
ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
goto cleanup;
}
- psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md( csr.sig_md );
+ psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md(csr.sig_md);
size_t hash_size = 0;
- psa_status_t status = psa_hash_compute( psa_alg, csr.cri.p, csr.cri.len,
- hash, PSA_HASH_MAX_SIZE, &hash_size );
+ psa_status_t status = psa_hash_compute(psa_alg, csr.cri.p, csr.cri.len,
+ hash, PSA_HASH_MAX_SIZE, &hash_size);
- if( status != PSA_SUCCESS )
- {
+ if (status != PSA_SUCCESS) {
/* Note: this can't happen except after an internal error */
ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
goto cleanup;
}
- if( mbedtls_pk_verify_ext( csr.sig_pk, csr.sig_opts, &csr.pk,
- csr.sig_md, hash, mbedtls_hash_info_get_size( csr.sig_md ),
- csr.sig.p, csr.sig.len ) != 0 )
- {
+ if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk,
+ csr.sig_md, hash, mbedtls_hash_info_get_size(csr.sig_md),
+ csr.sig.p, csr.sig.len) != 0) {
ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
goto cleanup;
}
cleanup:
- mbedtls_x509_csr_free( &csr );
- return( ret );
+ mbedtls_x509_csr_free(&csr);
+ return ret;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */
@@ -97,11 +94,11 @@
*/
#define EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH 12
-static int csr_set_extended_key_usage( mbedtls_x509write_csr *ctx,
- const char *oid, size_t oid_len )
+static int csr_set_extended_key_usage(mbedtls_x509write_csr *ctx,
+ const char *oid, size_t oid_len)
{
unsigned char buf[EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH] = { 0 };
- unsigned char *p = buf + sizeof( buf );
+ unsigned char *p = buf + sizeof(buf);
int ret;
size_t len = 0;
@@ -109,18 +106,22 @@
* Following functions fail anyway if the temporary buffer is not large,
* but we set an extra check here to emphasize a possible source of errors
*/
- if ( oid_len > EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH )
- {
+ if (oid_len > EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH) {
return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &p, buf, oid, oid_len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, ret ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(&p, buf, oid, oid_len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, ret));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
- ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_EXTENDED_KEY_USAGE,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_EXTENDED_KEY_USAGE ), 0, p, len );
+ ret = mbedtls_x509write_csr_set_extension(ctx,
+ MBEDTLS_OID_EXTENDED_KEY_USAGE,
+ MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE),
+ 0,
+ p,
+ len);
return ret;
}
@@ -133,9 +134,9 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */
-void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
- int key_usage, int set_key_usage, int cert_type,
- int set_cert_type, int set_extension )
+void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
+ int key_usage, int set_key_usage, int cert_type,
+ int set_cert_type, int set_extension)
{
mbedtls_pk_context key;
mbedtls_x509write_csr req;
@@ -151,60 +152,63 @@
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
mbedtls_test_rnd_pseudo_info rnd_info;
- memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
- mbedtls_x509write_csr_init( &req );
+ mbedtls_x509write_csr_init(&req);
- USE_PSA_INIT( );
+ USE_PSA_INIT();
- mbedtls_pk_init( &key );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
- mbedtls_test_rnd_std_rand, NULL ) == 0 );
+ mbedtls_pk_init(&key);
+ TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
+ mbedtls_test_rnd_std_rand, NULL) == 0);
- mbedtls_x509write_csr_set_md_alg( &req, md_type );
- mbedtls_x509write_csr_set_key( &req, &key );
- TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
- if( set_key_usage != 0 )
- TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
- if( set_cert_type != 0 )
- TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
- if ( set_extension != 0 )
- TEST_ASSERT( csr_set_extended_key_usage( &req, MBEDTLS_OID_SERVER_AUTH,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH ) ) == 0 );
+ mbedtls_x509write_csr_set_md_alg(&req, md_type);
+ mbedtls_x509write_csr_set_key(&req, &key);
+ TEST_ASSERT(mbedtls_x509write_csr_set_subject_name(&req, subject_name) == 0);
+ if (set_key_usage != 0) {
+ TEST_ASSERT(mbedtls_x509write_csr_set_key_usage(&req, key_usage) == 0);
+ }
+ if (set_cert_type != 0) {
+ TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0);
+ }
+ if (set_extension != 0) {
+ TEST_ASSERT(csr_set_extended_key_usage(&req, MBEDTLS_OID_SERVER_AUTH,
+ MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH)) == 0);
+ }
- ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ),
- mbedtls_test_rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info);
+ TEST_ASSERT(ret == 0);
- pem_len = strlen( (char *) buf );
+ pem_len = strlen((char *) buf);
- for( buf_index = pem_len; buf_index < sizeof( buf ); ++buf_index )
- {
- TEST_ASSERT( buf[buf_index] == 0 );
+ for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
+ TEST_ASSERT(buf[buf_index] == 0);
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
// When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used
- (void)cert_req_check_file;
+ (void) cert_req_check_file;
buf[pem_len] = '\0';
- TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 );
+ TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0);
#else
- f = fopen( cert_req_check_file, "r" );
- TEST_ASSERT( f != NULL );
- olen = fread( check_buf, 1, sizeof( check_buf ), f );
- fclose( f );
+ f = fopen(cert_req_check_file, "r");
+ TEST_ASSERT(f != NULL);
+ olen = fread(check_buf, 1, sizeof(check_buf), f);
+ fclose(f);
- TEST_ASSERT( olen >= pem_len - 1 );
- TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ TEST_ASSERT(olen >= pem_len - 1);
+ TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ),
- mbedtls_test_rnd_pseudo_rand,
- &rnd_info );
- TEST_ASSERT( der_len >= 0 );
+ der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf),
+ mbedtls_test_rnd_pseudo_rand,
+ &rnd_info);
+ TEST_ASSERT(der_len >= 0);
- if( der_len == 0 )
+ if (der_len == 0) {
goto exit;
+ }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
// When using PSA crypto, RNG isn't controllable, result length isn't
@@ -214,20 +218,20 @@
#else
der_len -= 1;
#endif
- ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len ),
- mbedtls_test_rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info);
+ TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
exit:
- mbedtls_x509write_csr_free( &req );
- mbedtls_pk_free( &key );
- USE_PSA_DONE( );
+ mbedtls_x509write_csr_free(&req);
+ mbedtls_pk_free(&key);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */
-void x509_csr_check_opaque( char *key_file, int md_type, int key_usage,
- int cert_type )
+void x509_csr_check_opaque(char *key_file, int md_type, int key_usage,
+ int cert_type)
{
mbedtls_pk_context key;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
@@ -239,66 +243,69 @@
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
mbedtls_test_rnd_pseudo_info rnd_info;
- memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
- mbedtls_x509write_csr_init( &req );
+ mbedtls_x509write_csr_init(&req);
- USE_PSA_INIT( );
+ USE_PSA_INIT();
- md_alg_psa = mbedtls_hash_info_psa_from_md( (mbedtls_md_type_t) md_type );
- TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
+ md_alg_psa = mbedtls_hash_info_psa_from_md((mbedtls_md_type_t) md_type);
+ TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE);
- mbedtls_pk_init( &key );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
- mbedtls_test_rnd_std_rand, NULL ) == 0 );
+ mbedtls_pk_init(&key);
+ TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
+ mbedtls_test_rnd_std_rand, NULL) == 0);
- if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
- alg_psa = PSA_ALG_ECDSA( md_alg_psa );
- else if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA )
- alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN( md_alg_psa );
- else
- TEST_ASSUME( ! "PK key type not supported in this configuration" );
+ if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
+ alg_psa = PSA_ALG_ECDSA(md_alg_psa);
+ } else if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
+ alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(md_alg_psa);
+ } else {
+ TEST_ASSUME(!"PK key type not supported in this configuration");
+ }
- TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, alg_psa,
- PSA_KEY_USAGE_SIGN_HASH,
- PSA_ALG_NONE ) == 0 );
+ TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&key, &key_id, alg_psa,
+ PSA_KEY_USAGE_SIGN_HASH,
+ PSA_ALG_NONE) == 0);
- mbedtls_x509write_csr_set_md_alg( &req, md_type );
- mbedtls_x509write_csr_set_key( &req, &key );
- TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
- if( key_usage != 0 )
- TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
- if( cert_type != 0 )
- TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
+ mbedtls_x509write_csr_set_md_alg(&req, md_type);
+ mbedtls_x509write_csr_set_key(&req, &key);
+ TEST_ASSERT(mbedtls_x509write_csr_set_subject_name(&req, subject_name) == 0);
+ if (key_usage != 0) {
+ TEST_ASSERT(mbedtls_x509write_csr_set_key_usage(&req, key_usage) == 0);
+ }
+ if (cert_type != 0) {
+ TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0);
+ }
- ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ) - 1,
- mbedtls_test_rnd_pseudo_rand, &rnd_info );
+ ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1,
+ mbedtls_test_rnd_pseudo_rand, &rnd_info);
- TEST_ASSERT( ret == 0 );
+ TEST_ASSERT(ret == 0);
- pem_len = strlen( (char *) buf );
+ pem_len = strlen((char *) buf);
buf[pem_len] = '\0';
- TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 );
+ TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0);
exit:
- mbedtls_x509write_csr_free( &req );
- mbedtls_pk_free( &key );
- psa_destroy_key( key_id );
- PSA_DONE( );
+ mbedtls_x509write_csr_free(&req);
+ mbedtls_pk_free(&key);
+ psa_destroy_key(key_id);
+ PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
-void x509_crt_check( char *subject_key_file, char *subject_pwd,
- char *subject_name, char *issuer_key_file,
- char *issuer_pwd, char *issuer_name,
- char *serial_str, char *not_before, char *not_after,
- int md_type, int key_usage, int set_key_usage,
- char *ext_key_usage,
- int cert_type, int set_cert_type, int auth_ident,
- int ver, char *cert_check_file, int pk_wrap, int is_ca,
- char *cert_verify_file )
+void x509_crt_check(char *subject_key_file, char *subject_pwd,
+ char *subject_name, char *issuer_key_file,
+ char *issuer_pwd, char *issuer_name,
+ char *serial_str, char *not_before, char *not_after,
+ int md_type, int key_usage, int set_key_usage,
+ char *ext_key_usage,
+ int cert_type, int set_cert_type, int auth_ident,
+ int ver, char *cert_check_file, int pk_wrap, int is_ca,
+ char *cert_verify_file)
{
mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
mbedtls_pk_context *key = &issuer_key;
@@ -319,34 +326,33 @@
#endif
mbedtls_pk_type_t issuer_key_type;
- memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
- mbedtls_mpi_init( &serial );
+ memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
+ mbedtls_mpi_init(&serial);
- USE_PSA_INIT( );
+ USE_PSA_INIT();
- mbedtls_pk_init( &subject_key );
- mbedtls_pk_init( &issuer_key );
- mbedtls_pk_init( &issuer_key_alt );
+ mbedtls_pk_init(&subject_key);
+ mbedtls_pk_init(&issuer_key);
+ mbedtls_pk_init(&issuer_key_alt);
- mbedtls_x509write_crt_init( &crt );
+ mbedtls_x509write_crt_init(&crt);
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file,
- subject_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file,
+ subject_pwd, mbedtls_test_rnd_std_rand, NULL) == 0);
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
- issuer_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 );
+ TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file,
+ issuer_pwd, mbedtls_test_rnd_std_rand, NULL) == 0);
- issuer_key_type = mbedtls_pk_get_type( &issuer_key );
+ issuer_key_type = mbedtls_pk_get_type(&issuer_key);
#if defined(MBEDTLS_RSA_C)
/* For RSA PK contexts, create a copy as an alternative RSA context. */
- if( pk_wrap == 1 && issuer_key_type == MBEDTLS_PK_RSA )
- {
- TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt,
- mbedtls_pk_rsa( issuer_key ),
- mbedtls_rsa_decrypt_func,
- mbedtls_rsa_sign_func,
- mbedtls_rsa_key_len_func ) == 0 );
+ if (pk_wrap == 1 && issuer_key_type == MBEDTLS_PK_RSA) {
+ TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&issuer_key_alt,
+ mbedtls_pk_rsa(issuer_key),
+ mbedtls_rsa_decrypt_func,
+ mbedtls_rsa_sign_func,
+ mbedtls_rsa_key_len_func) == 0);
key = &issuer_key_alt;
}
@@ -354,216 +360,206 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* For Opaque PK contexts, wrap key as an Opaque RSA context. */
- if( pk_wrap == 2 )
- {
+ if (pk_wrap == 2) {
psa_algorithm_t alg_psa, md_alg_psa;
- md_alg_psa = mbedtls_hash_info_psa_from_md( (mbedtls_md_type_t) md_type );
- TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
+ md_alg_psa = mbedtls_hash_info_psa_from_md((mbedtls_md_type_t) md_type);
+ TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE);
- if( mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_ECKEY )
- alg_psa = PSA_ALG_ECDSA( md_alg_psa );
- else if( mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA )
- alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN( md_alg_psa );
- else
- TEST_ASSUME( ! "PK key type not supported in this configuration" );
+ if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_ECKEY) {
+ alg_psa = PSA_ALG_ECDSA(md_alg_psa);
+ } else if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_RSA) {
+ alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(md_alg_psa);
+ } else {
+ TEST_ASSUME(!"PK key type not supported in this configuration");
+ }
- TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &issuer_key, &key_id, alg_psa,
- PSA_KEY_USAGE_SIGN_HASH,
- PSA_ALG_NONE ) == 0 );
+ TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&issuer_key, &key_id, alg_psa,
+ PSA_KEY_USAGE_SIGN_HASH,
+ PSA_ALG_NONE) == 0);
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( pk_wrap == 2 )
- TEST_ASSERT( mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_OPAQUE );
+ if (pk_wrap == 2) {
+ TEST_ASSERT(mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_OPAQUE);
+ }
- TEST_ASSERT( mbedtls_test_read_mpi( &serial, serial_str ) == 0 );
+ TEST_ASSERT(mbedtls_test_read_mpi(&serial, serial_str) == 0);
- if( ver != -1 )
- mbedtls_x509write_crt_set_version( &crt, ver );
+ if (ver != -1) {
+ mbedtls_x509write_crt_set_version(&crt, ver);
+ }
- TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 );
- TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before,
- not_after ) == 0 );
- mbedtls_x509write_crt_set_md_alg( &crt, md_type );
- TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 );
- TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 );
- mbedtls_x509write_crt_set_subject_key( &crt, &subject_key );
+ TEST_ASSERT(mbedtls_x509write_crt_set_serial(&crt, &serial) == 0);
+ TEST_ASSERT(mbedtls_x509write_crt_set_validity(&crt, not_before,
+ not_after) == 0);
+ mbedtls_x509write_crt_set_md_alg(&crt, md_type);
+ TEST_ASSERT(mbedtls_x509write_crt_set_issuer_name(&crt, issuer_name) == 0);
+ TEST_ASSERT(mbedtls_x509write_crt_set_subject_name(&crt, subject_name) == 0);
+ mbedtls_x509write_crt_set_subject_key(&crt, &subject_key);
- mbedtls_x509write_crt_set_issuer_key( &crt, key );
+ mbedtls_x509write_crt_set_issuer_key(&crt, key);
- if( crt.version >= MBEDTLS_X509_CRT_VERSION_3 )
- {
+ if (crt.version >= MBEDTLS_X509_CRT_VERSION_3) {
/* For the CA case, a path length of -1 means unlimited. */
- TEST_ASSERT( mbedtls_x509write_crt_set_basic_constraints( &crt, is_ca,
- (is_ca ? -1 : 0) ) == 0 );
- TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 );
- if( auth_ident )
- TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 );
- if( set_key_usage != 0 )
- TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
- if( set_cert_type != 0 )
- TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
- if( strcmp( ext_key_usage, "NULL" ) != 0 )
- {
+ TEST_ASSERT(mbedtls_x509write_crt_set_basic_constraints(&crt, is_ca,
+ (is_ca ? -1 : 0)) == 0);
+ TEST_ASSERT(mbedtls_x509write_crt_set_subject_key_identifier(&crt) == 0);
+ if (auth_ident) {
+ TEST_ASSERT(mbedtls_x509write_crt_set_authority_key_identifier(&crt) == 0);
+ }
+ if (set_key_usage != 0) {
+ TEST_ASSERT(mbedtls_x509write_crt_set_key_usage(&crt, key_usage) == 0);
+ }
+ if (set_cert_type != 0) {
+ TEST_ASSERT(mbedtls_x509write_crt_set_ns_cert_type(&crt, cert_type) == 0);
+ }
+ if (strcmp(ext_key_usage, "NULL") != 0) {
mbedtls_asn1_sequence exts[2];
- memset( exts, 0, sizeof(exts) );
+ memset(exts, 0, sizeof(exts));
#define SET_OID(x, oid) \
do { \
x.len = MBEDTLS_OID_SIZE(oid); \
- x.p = (unsigned char*)oid; \
+ x.p = (unsigned char *) oid; \
x.tag = MBEDTLS_ASN1_OID; \
} \
- while( 0 )
+ while (0)
- if( strcmp( ext_key_usage, "serverAuth" ) == 0 )
- {
- SET_OID( exts[0].buf, MBEDTLS_OID_SERVER_AUTH );
- }
- else if( strcmp( ext_key_usage, "codeSigning,timeStamping" ) == 0 )
- {
- SET_OID( exts[0].buf, MBEDTLS_OID_CODE_SIGNING );
+ if (strcmp(ext_key_usage, "serverAuth") == 0) {
+ SET_OID(exts[0].buf, MBEDTLS_OID_SERVER_AUTH);
+ } else if (strcmp(ext_key_usage, "codeSigning,timeStamping") == 0) {
+ SET_OID(exts[0].buf, MBEDTLS_OID_CODE_SIGNING);
exts[0].next = &exts[1];
- SET_OID( exts[1].buf, MBEDTLS_OID_TIME_STAMPING );
+ SET_OID(exts[1].buf, MBEDTLS_OID_TIME_STAMPING);
}
- TEST_ASSERT( mbedtls_x509write_crt_set_ext_key_usage( &crt, exts ) == 0 );
+ TEST_ASSERT(mbedtls_x509write_crt_set_ext_key_usage(&crt, exts) == 0);
}
}
- ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ),
- mbedtls_test_rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( ret == 0 );
+ ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info);
+ TEST_ASSERT(ret == 0);
- pem_len = strlen( (char *) buf );
+ pem_len = strlen((char *) buf);
// check that the rest of the buffer remains clear
- for( buf_index = pem_len; buf_index < sizeof( buf ); ++buf_index )
- {
- TEST_ASSERT( buf[buf_index] == 0 );
+ for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
+ TEST_ASSERT(buf[buf_index] == 0);
}
- if( issuer_key_type != MBEDTLS_PK_RSA )
- {
+ if (issuer_key_type != MBEDTLS_PK_RSA) {
mbedtls_x509_crt crt_parse, trusted;
uint32_t flags;
- mbedtls_x509_crt_init( &crt_parse );
- mbedtls_x509_crt_init( &trusted );
+ mbedtls_x509_crt_init(&crt_parse);
+ mbedtls_x509_crt_init(&trusted);
- TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted,
- cert_verify_file ) == 0 );
- TEST_ASSERT( mbedtls_x509_crt_parse( &crt_parse,
- buf, sizeof( buf ) ) == 0 );
+ TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted,
+ cert_verify_file) == 0);
+ TEST_ASSERT(mbedtls_x509_crt_parse(&crt_parse,
+ buf, sizeof(buf)) == 0);
- ret = mbedtls_x509_crt_verify( &crt_parse, &trusted, NULL, NULL, &flags,
- NULL, NULL );
+ ret = mbedtls_x509_crt_verify(&crt_parse, &trusted, NULL, NULL, &flags,
+ NULL, NULL);
- mbedtls_x509_crt_free( &crt_parse );
- mbedtls_x509_crt_free( &trusted );
+ mbedtls_x509_crt_free(&crt_parse);
+ mbedtls_x509_crt_free(&trusted);
- TEST_EQUAL( flags, 0 );
- TEST_EQUAL( ret, 0 );
- }
- else if( *cert_check_file != '\0' )
- {
- f = fopen( cert_check_file, "r" );
- TEST_ASSERT( f != NULL );
- olen = fread( check_buf, 1, sizeof( check_buf ), f );
- fclose( f );
- TEST_ASSERT( olen < sizeof( check_buf ) );
+ TEST_EQUAL(flags, 0);
+ TEST_EQUAL(ret, 0);
+ } else if (*cert_check_file != '\0') {
+ f = fopen(cert_check_file, "r");
+ TEST_ASSERT(f != NULL);
+ olen = fread(check_buf, 1, sizeof(check_buf), f);
+ fclose(f);
+ TEST_ASSERT(olen < sizeof(check_buf));
- TEST_EQUAL( olen, pem_len );
- TEST_ASSERT( olen >= pem_len - 1 );
- TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ TEST_EQUAL(olen, pem_len);
+ TEST_ASSERT(olen >= pem_len - 1);
+ TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
}
- der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ),
- mbedtls_test_rnd_pseudo_rand,
- &rnd_info );
- TEST_ASSERT( der_len >= 0 );
+ der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf),
+ mbedtls_test_rnd_pseudo_rand,
+ &rnd_info);
+ TEST_ASSERT(der_len >= 0);
- if( der_len == 0 )
+ if (der_len == 0) {
goto exit;
+ }
// Not testing against file, check date format
- if( *cert_check_file == '\0' )
- {
+ if (*cert_check_file == '\0') {
// UTC tag if before 2050, 2 digits less for year
- if( not_before[0] == '2' && ( not_before[1] > '0' || not_before[2] > '4' ) )
- {
+ if (not_before[0] == '2' && (not_before[1] > '0' || not_before[2] > '4')) {
before_tag = MBEDTLS_ASN1_GENERALIZED_TIME;
- }
- else
- {
+ } else {
before_tag = MBEDTLS_ASN1_UTC_TIME;
not_before += 2;
}
- if( not_after[0] == '2' && ( not_after[1] > '0' || not_after[2] > '4' ) )
- {
+ if (not_after[0] == '2' && (not_after[1] > '0' || not_after[2] > '4')) {
after_tag = MBEDTLS_ASN1_GENERALIZED_TIME;
- }
- else
- {
+ } else {
after_tag = MBEDTLS_ASN1_UTC_TIME;
not_after += 2;
}
- end = buf + sizeof( buf );
- for( p = end - der_len ; p < end ; )
- {
+ end = buf + sizeof(buf);
+ for (p = end - der_len; p < end;) {
tag = *p++;
sz = *p++;
- if( tag == MBEDTLS_ASN1_UTC_TIME || tag == MBEDTLS_ASN1_GENERALIZED_TIME )
- {
+ if (tag == MBEDTLS_ASN1_UTC_TIME || tag == MBEDTLS_ASN1_GENERALIZED_TIME) {
// Check correct tag and time written
- TEST_ASSERT( before_tag == tag );
- TEST_ASSERT( memcmp( p, not_before, sz - 1 ) == 0 );
+ TEST_ASSERT(before_tag == tag);
+ TEST_ASSERT(memcmp(p, not_before, sz - 1) == 0);
p += sz;
tag = *p++;
sz = *p++;
- TEST_ASSERT( after_tag == tag );
- TEST_ASSERT( memcmp( p, not_after, sz - 1 ) == 0 );
+ TEST_ASSERT(after_tag == tag);
+ TEST_ASSERT(memcmp(p, not_after, sz - 1) == 0);
break;
}
// Increment if long form ASN1 length
- if( sz & 0x80 )
+ if (sz & 0x80) {
p += sz & 0x0F;
- if( tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
+ }
+ if (tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
p += sz;
+ }
}
- TEST_ASSERT( p < end );
+ TEST_ASSERT(p < end);
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
// When using PSA crypto, RNG isn't controllable, result length isn't
// deterministic over multiple runs, removing a single byte isn't enough to
// go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
- if( issuer_key_type != MBEDTLS_PK_RSA )
+ if (issuer_key_type != MBEDTLS_PK_RSA) {
der_len /= 2;
- else
+ } else
#endif
- der_len -= 1;
+ der_len -= 1;
- ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len ),
- mbedtls_test_rnd_pseudo_rand, &rnd_info );
- TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info);
+ TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
exit:
- mbedtls_x509write_crt_free( &crt );
- mbedtls_pk_free( &issuer_key_alt );
- mbedtls_pk_free( &subject_key );
- mbedtls_pk_free( &issuer_key );
- mbedtls_mpi_free( &serial );
+ mbedtls_x509write_crt_free(&crt);
+ mbedtls_pk_free(&issuer_key_alt);
+ mbedtls_pk_free(&subject_key);
+ mbedtls_pk_free(&issuer_key);
+ mbedtls_mpi_free(&serial);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_destroy_key( key_id );
+ psa_destroy_key(key_id);
#endif
- USE_PSA_DONE( );
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */
-void mbedtls_x509_string_to_names( char * name, char * parsed_name, int result
- )
+void mbedtls_x509_string_to_names(char *name, char *parsed_name, int result
+ )
{
int ret;
size_t len = 0;
@@ -571,38 +567,38 @@
mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
unsigned char buf[1024], out[1024], *c;
- memset( &parsed, 0, sizeof( parsed ) );
- memset( out, 0, sizeof( out ) );
- memset( buf, 0, sizeof( buf ) );
- c = buf + sizeof( buf );
+ memset(&parsed, 0, sizeof(parsed));
+ memset(out, 0, sizeof(out));
+ memset(buf, 0, sizeof(buf));
+ c = buf + sizeof(buf);
- ret = mbedtls_x509_string_to_names( &names, name );
- TEST_ASSERT( ret == result );
+ ret = mbedtls_x509_string_to_names(&names, name);
+ TEST_ASSERT(ret == result);
- if( ret != 0 )
+ if (ret != 0) {
goto exit;
+ }
- ret = mbedtls_x509_write_names( &c, buf, names );
- TEST_ASSERT( ret > 0 );
+ ret = mbedtls_x509_write_names(&c, buf, names);
+ TEST_ASSERT(ret > 0);
- TEST_ASSERT( mbedtls_asn1_get_tag( &c, buf + sizeof( buf ), &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) == 0 );
- TEST_ASSERT( mbedtls_x509_get_name( &c, buf + sizeof( buf ), &parsed ) == 0 );
+ TEST_ASSERT(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) == 0);
+ TEST_ASSERT(mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed) == 0);
- ret = mbedtls_x509_dn_gets( (char *) out, sizeof( out ), &parsed );
- TEST_ASSERT( ret > 0 );
+ ret = mbedtls_x509_dn_gets((char *) out, sizeof(out), &parsed);
+ TEST_ASSERT(ret > 0);
- TEST_ASSERT( strcmp( (char *) out, parsed_name ) == 0 );
+ TEST_ASSERT(strcmp((char *) out, parsed_name) == 0);
exit:
- mbedtls_asn1_free_named_data_list( &names );
+ mbedtls_asn1_free_named_data_list(&names);
parsed_cur = parsed.next;
- while( parsed_cur != 0 )
- {
+ while (parsed_cur != 0) {
parsed_prv = parsed_cur;
parsed_cur = parsed_cur->next;
- mbedtls_free( parsed_prv );
+ mbedtls_free(parsed_prv);
}
}
/* END_CASE */