Copy OID files that are getting moved to tf-psa-crypto
The OID module is used by both crypto and X.509. It has moved to the
`tf-psa-crypto` subdirectory, and the sibling commit
08d8cc57dbe7be54fe3f88ecbc2729300c48d450 removes this subdirectory from the
`mbedtls` repository in order to make `tf-psa-crypto` a submodule. We want
to access the relevant parts directly from X.509 rather than go through the
crypto repository, because OID functions are only accessible as private
interfaces, and crypto doesn't know when a particular OID function is needed
in the build since it depends on X.509 configuration options.
Make a copy of the OID module and its unit tests. In a follow-up, the X.509
module will switch to consuming this copy rather than the one that went into
TF-PSA-Crypto.
Rename the files from `*oid*` to `*x509_oid*` to follow the naming
convention that submodules of X.509 are prefixed with `x509`. This also
avoids file name clashes with TF-PSA-Crypto.
Since OID is not a public interface of Mbed TLS 4.x, move the header file
into `library`.
This commit only makes the files available. Subsequent commits will take
care of making these files used in the build.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/suites/test_suite_x509_oid.data b/tests/suites/test_suite_x509_oid.data
new file mode 100644
index 0000000..42b0505
--- /dev/null
+++ b/tests/suites/test_suite_x509_oid.data
@@ -0,0 +1,146 @@
+OID get Any Policy certificate policy
+oid_get_certificate_policies:"551D2000":"Any Policy"
+
+OID get certificate policy invalid oid
+oid_get_certificate_policies:"5533445566":""
+
+OID get certificate policy wrong oid - id-ce-authorityKeyIdentifier
+oid_get_certificate_policies:"551D23":""
+
+OID get Ext Key Usage - id-kp-serverAuth
+oid_get_extended_key_usage:"2B06010505070301":"TLS Web Server Authentication"
+
+OID get Ext Key Usage - id-kp-clientAuth
+oid_get_extended_key_usage:"2B06010505070302":"TLS Web Client Authentication"
+
+OID get Ext Key Usage - id-kp-codeSigning
+oid_get_extended_key_usage:"2B06010505070303":"Code Signing"
+
+OID get Ext Key Usage - id-kp-emailProtection
+oid_get_extended_key_usage:"2B06010505070304":"E-mail Protection"
+
+OID get Ext Key Usage - id-kp-timeStamping
+oid_get_extended_key_usage:"2B06010505070308":"Time Stamping"
+
+OID get Ext Key Usage - id-kp-OCSPSigning
+oid_get_extended_key_usage:"2B06010505070309":"OCSP Signing"
+
+OID get Ext Key Usage - id-kp-wisun-fan-device
+oid_get_extended_key_usage:"2B0601040182E42501":"Wi-SUN Alliance Field Area Network (FAN)"
+
+OID get Ext Key Usage invalid oid
+oid_get_extended_key_usage:"5533445566":""
+
+OID get Ext Key Usage wrong oid - id-ce-authorityKeyIdentifier
+oid_get_extended_key_usage:"551D23":""
+
+OID get x509 extension - id-ce-basicConstraints
+oid_get_x509_extension:"551D13":MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS
+
+OID get x509 extension - id-ce-keyUsage
+oid_get_x509_extension:"551D0F":MBEDTLS_OID_X509_EXT_KEY_USAGE
+
+OID get x509 extension - id-ce-extKeyUsage
+oid_get_x509_extension:"551D25":MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
+
+OID get x509 extension - id-ce-subjectAltName
+oid_get_x509_extension:"551D11":MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME
+
+OID get x509 extension - id-netscape-certtype
+oid_get_x509_extension:"6086480186F8420101":MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
+
+OID get x509 extension - id-ce-certificatePolicies
+oid_get_x509_extension:"551D20":MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
+
+OID get x509 extension - invalid oid
+oid_get_x509_extension:"5533445566":0
+
+OID get x509 extension - wrong oid - id-ce
+oid_get_x509_extension:"551D":0
+
+OID hash id - id-md5
+depends_on:PSA_WANT_ALG_MD5
+oid_get_md_alg_id:"2A864886f70d0205":MBEDTLS_MD_MD5
+
+OID hash id - id-sha1
+depends_on:PSA_WANT_ALG_SHA_1
+oid_get_md_alg_id:"2b0e03021a":MBEDTLS_MD_SHA1
+
+OID hash id - id-sha224
+depends_on:PSA_WANT_ALG_SHA_224
+oid_get_md_alg_id:"608648016503040204":MBEDTLS_MD_SHA224
+
+OID hash id - id-sha256
+depends_on:PSA_WANT_ALG_SHA_256
+oid_get_md_alg_id:"608648016503040201":MBEDTLS_MD_SHA256
+
+OID hash id - id-sha384
+depends_on:PSA_WANT_ALG_SHA_384
+oid_get_md_alg_id:"608648016503040202":MBEDTLS_MD_SHA384
+
+OID hash id - id-sha512
+depends_on:PSA_WANT_ALG_SHA_512
+oid_get_md_alg_id:"608648016503040203":MBEDTLS_MD_SHA512
+
+OID hash id - id-sha3-224
+depends_on:PSA_WANT_ALG_SHA3_224
+oid_get_md_alg_id:"608648016503040207":MBEDTLS_MD_SHA3_224
+
+OID hash id - id-sha3-256
+depends_on:PSA_WANT_ALG_SHA3_256
+oid_get_md_alg_id:"608648016503040208":MBEDTLS_MD_SHA3_256
+
+OID hash id - id-sha3-384
+depends_on:PSA_WANT_ALG_SHA3_384
+oid_get_md_alg_id:"608648016503040209":MBEDTLS_MD_SHA3_384
+
+OID hash id - id-sha3-512
+depends_on:PSA_WANT_ALG_SHA3_512
+oid_get_md_alg_id:"60864801650304020a":MBEDTLS_MD_SHA3_512
+
+OID hash id - id-ripemd160
+depends_on:PSA_WANT_ALG_RIPEMD160
+oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160
+
+OID hash id - invalid oid
+oid_get_md_alg_id:"2B864886f70d0204":-1
+
+mbedtls_oid_get_md_hmac - RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
+mbedtls_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160
+
+mbedtls_oid_get_md_hmac - SHA1
+depends_on:PSA_WANT_ALG_SHA_1
+mbedtls_oid_get_md_hmac:"2A864886F70D0207":MBEDTLS_MD_SHA1
+
+mbedtls_oid_get_md_hmac - SHA224
+depends_on:PSA_WANT_ALG_SHA_224
+mbedtls_oid_get_md_hmac:"2A864886F70D0208":MBEDTLS_MD_SHA224
+
+mbedtls_oid_get_md_hmac - SHA256
+depends_on:PSA_WANT_ALG_SHA_256
+mbedtls_oid_get_md_hmac:"2A864886F70D0209":MBEDTLS_MD_SHA256
+
+mbedtls_oid_get_md_hmac - SHA384
+depends_on:PSA_WANT_ALG_SHA_384
+mbedtls_oid_get_md_hmac:"2A864886F70D020A":MBEDTLS_MD_SHA384
+
+mbedtls_oid_get_md_hmac - SHA512
+depends_on:PSA_WANT_ALG_SHA_512
+mbedtls_oid_get_md_hmac:"2A864886F70D020B":MBEDTLS_MD_SHA512
+
+mbedtls_oid_get_md_hmac - SHA3_224
+depends_on:PSA_WANT_ALG_SHA3_224
+mbedtls_oid_get_md_hmac:"60864801650304020D":MBEDTLS_MD_SHA3_224
+
+mbedtls_oid_get_md_hmac - SHA3_256
+depends_on:PSA_WANT_ALG_SHA3_256
+mbedtls_oid_get_md_hmac:"60864801650304020E":MBEDTLS_MD_SHA3_256
+
+mbedtls_oid_get_md_hmac - SHA3_384
+depends_on:PSA_WANT_ALG_SHA3_384
+mbedtls_oid_get_md_hmac:"60864801650304020F":MBEDTLS_MD_SHA3_384
+
+mbedtls_oid_get_md_hmac - SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
+mbedtls_oid_get_md_hmac:"608648016503040210":MBEDTLS_MD_SHA3_512
diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function
new file mode 100644
index 0000000..e96425e
--- /dev/null
+++ b/tests/suites/test_suite_x509_oid.function
@@ -0,0 +1,120 @@
+/* BEGIN_HEADER */
+#include "mbedtls/oid.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
+#include "string.h"
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_OID_C:!MBEDTLS_X509_REMOVE_INFO
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void oid_get_certificate_policies(data_t *oid, char *result_str)
+{
+ mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
+ int ret;
+ const char *desc;
+
+ asn1_buf.tag = MBEDTLS_ASN1_OID;
+ asn1_buf.p = oid->x;
+ asn1_buf.len = oid->len;
+
+ ret = mbedtls_oid_get_certificate_policies(&asn1_buf, &desc);
+ if (strlen(result_str) == 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(strcmp((char *) desc, result_str) == 0);
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void oid_get_extended_key_usage(data_t *oid, char *result_str)
+{
+ mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
+ int ret;
+ const char *desc;
+
+ asn1_buf.tag = MBEDTLS_ASN1_OID;
+ asn1_buf.p = oid->x;
+ asn1_buf.len = oid->len;
+
+ ret = mbedtls_oid_get_extended_key_usage(&asn1_buf, &desc);
+ if (strlen(result_str) == 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(strcmp((char *) desc, result_str) == 0);
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void oid_get_x509_extension(data_t *oid, int exp_type)
+{
+ mbedtls_asn1_buf ext_oid = { 0, 0, NULL };
+ int ret;
+ int ext_type;
+
+ ext_oid.tag = MBEDTLS_ASN1_OID;
+ ext_oid.p = oid->x;
+ ext_oid.len = oid->len;
+
+ ret = mbedtls_oid_get_x509_ext_type(&ext_oid, &ext_type);
+ if (exp_type == 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(ext_type == exp_type);
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void oid_get_md_alg_id(data_t *oid, int exp_md_id)
+{
+ mbedtls_asn1_buf md_oid = { 0, 0, NULL };
+ int ret;
+ mbedtls_md_type_t md_id = 0;
+
+ md_oid.tag = MBEDTLS_ASN1_OID;
+ md_oid.p = oid->x;
+ md_oid.len = oid->len;
+
+ ret = mbedtls_oid_get_md_alg(&md_oid, &md_id);
+
+ if (exp_md_id < 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ TEST_ASSERT(md_id == 0);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT((mbedtls_md_type_t) exp_md_id == md_id);
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_oid_get_md_hmac(data_t *oid, int exp_md_id)
+{
+ mbedtls_asn1_buf md_oid = { 0, 0, NULL };
+ int ret;
+ mbedtls_md_type_t md_id = 0;
+
+ md_oid.tag = MBEDTLS_ASN1_OID;
+ md_oid.p = oid->x;
+ md_oid.len = oid->len;
+
+ ret = mbedtls_oid_get_md_hmac(&md_oid, &md_id);
+
+ if (exp_md_id < 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ TEST_ASSERT(md_id == 0);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT((mbedtls_md_type_t) exp_md_id == md_id);
+ }
+}
+/* END_CASE */