TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / c0eabdc63657f784dee45167b010534cd3924cfa / . / tests / suites / test_suite_x509parse.function
blob: 77dd4d47d4afb6b8c461511c6e4c0098f2a95b49 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]2#include "mbedtls/bignum.h"
Andres AG4b76aec2016-09-23 13:16:02 +0100[diff] [blame]3#include "mbedtls/x509.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]4#include "mbedtls/x509_crt.h"
5#include "mbedtls/x509_crl.h"
6#include "mbedtls/x509_csr.h"
7#include "mbedtls/pem.h"
8#include "mbedtls/oid.h"
9#include "mbedtls/base64.h"
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]10#include "mbedtls/error.h"
Mohammad Azim Khan67735d52017-04-06 11:55:43 +0100[diff] [blame]11#include "string.h"
Paul Bakkerb63b0af2011-01-13 17:54:59 +0000[diff] [blame]12
Simon Butcher9e24b512017-07-28 12:15:13 +0100[diff] [blame]13#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]14# error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
Hanno Becker3b1422e2017-07-26 13:38:02 +0100[diff] [blame]15than the current threshold 19. To test larger values, please \
16adapt the script tests/data_files/dir-max/long.sh."
17#endif
18
Hanno Becker20a4ade2019-06-03 14:27:03 +0100[diff] [blame]19/* Test-only profile allowing all digests, PK algorithms, and curves. */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]20const mbedtls_x509_crt_profile profile_all = {
Hanno Becker20a4ade2019-06-03 14:27:03 +0100[diff] [blame]21 0xFFFFFFFF, /* Any MD */
22 0xFFFFFFFF, /* Any PK alg */
23 0xFFFFFFFF, /* Any curve */
24 1024,
25};
26
Gilles Peskineef86ab22017-05-05 18:59:02 +0200[diff] [blame]27/* Profile for backward compatibility. Allows SHA-1, unlike the default
28 profile. */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]29const mbedtls_x509_crt_profile compat_profile = {
30 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1) |
31 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_RIPEMD160) |
32 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA224) |
33 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
34 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
35 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
Manuel Pégourié-Gonnard65eefc82015-10-23 14:08:48 +0200[diff] [blame]36 0xFFFFFFF, /* Any PK alg */
37 0xFFFFFFF, /* Any curve */
38 1024,
39};
40
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]41const mbedtls_x509_crt_profile profile_rsa3072 = {
42 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
43 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
44 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
45 MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_RSA),
Manuel Pégourié-Gonnard6622fed2017-05-23 11:29:29 +0200[diff] [blame]46 0,
47 3072,
48};
49
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]50const mbedtls_x509_crt_profile profile_sha512 = {
51 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
Manuel Pégourié-Gonnard6622fed2017-05-23 11:29:29 +0200[diff] [blame]52 0xFFFFFFF, /* Any PK alg */
53 0xFFFFFFF, /* Any curve */
54 1024,
55};
56
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]57int verify_none(void *data,
58 mbedtls_x509_crt *crt,
59 int certificate_depth,
60 uint32_t *flags)
Paul Bakkerb63b0af2011-01-13 17:54:59 +0000[diff] [blame]61{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]62 ((void)data);
63 ((void)crt);
64 ((void)certificate_depth);
Manuel Pégourié-Gonnarde6028c92015-04-20 12:19:02 +0100[diff] [blame]65 *flags |= MBEDTLS_X509_BADCERT_OTHER;
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]66
Paul Bakker915275b2012-09-28 07:10:55 +0000[diff] [blame]67 return 0;
Paul Bakkerb63b0af2011-01-13 17:54:59 +0000[diff] [blame]68}
69
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]70int verify_all(void *data,
71 mbedtls_x509_crt *crt,
72 int certificate_depth,
73 uint32_t *flags)
Paul Bakkerb63b0af2011-01-13 17:54:59 +0000[diff] [blame]74{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]75 ((void)data);
76 ((void)crt);
77 ((void)certificate_depth);
Paul Bakker915275b2012-09-28 07:10:55 +0000[diff] [blame]78 *flags = 0;
Paul Bakker5a624082011-01-18 16:31:52 +0000[diff] [blame]79
Paul Bakkerb63b0af2011-01-13 17:54:59 +0000[diff] [blame]80 return 0;
81}
82
Jarno Lamsa03cd1202019-03-27 15:45:04 +0200[diff] [blame]83#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]84int ca_callback_fail(void *data,
85 mbedtls_x509_crt const *child,
86 mbedtls_x509_crt **candidates)
Jarno Lamsa557426a2019-03-27 17:08:29 +0200[diff] [blame]87{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]88 ((void)data);
89 ((void)child);
90 ((void)candidates);
Jarno Lamsa557426a2019-03-27 17:08:29 +0200[diff] [blame]91
92 return -1;
93}
94
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]95int ca_callback(void *data,
96 mbedtls_x509_crt const *child,
97 mbedtls_x509_crt **candidates)
Jarno Lamsa03cd1202019-03-27 15:45:04 +0200[diff] [blame]98{
Hanno Beckercbb59032019-03-28 14:14:22 +0000[diff] [blame]99 int ret = 0;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]100 mbedtls_x509_crt *ca = (mbedtls_x509_crt *)data;
Hanno Beckercbb59032019-03-28 14:14:22 +0000[diff] [blame]101 mbedtls_x509_crt *first;
102
103 /* This is a test-only implementation of the CA callback
104 * which always returns the entire list of trusted certificates.
105 * Production implementations managing a large number of CAs
106 * should use an efficient presentation and lookup for the
107 * set of trusted certificates (such as a hashtable) and only
108 * return those trusted certificates which satisfy basic
109 * parental checks, such as the matching of child `Issuer`
110 * and parent `Subject` field. */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]111 ((void)child);
Hanno Beckercbb59032019-03-28 14:14:22 +0000[diff] [blame]112
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]113 first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
114 if (first == NULL) {
Hanno Beckercbb59032019-03-28 14:14:22 +0000[diff] [blame]115 ret = -1;
116 goto exit;
117 }
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]118 mbedtls_x509_crt_init(first);
Hanno Beckercbb59032019-03-28 14:14:22 +0000[diff] [blame]119
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]120 if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
Hanno Beckercbb59032019-03-28 14:14:22 +0000[diff] [blame]121 ret = -1;
122 goto exit;
123 }
124
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]125 while (ca->next != NULL) {
Jarno Lamsa03cd1202019-03-27 15:45:04 +0200[diff] [blame]126 ca = ca->next;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]127 if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
Hanno Beckercbb59032019-03-28 14:14:22 +0000[diff] [blame]128 ret = -1;
129 goto exit;
130 }
Jarno Lamsa03cd1202019-03-27 15:45:04 +0200[diff] [blame]131 }
Hanno Beckercbb59032019-03-28 14:14:22 +0000[diff] [blame]132
133exit:
134
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]135 if (ret != 0) {
136 mbedtls_x509_crt_free(first);
137 mbedtls_free(first);
Hanno Beckercbb59032019-03-28 14:14:22 +0000[diff] [blame]138 first = NULL;
139 }
140
Jarno Lamsa03cd1202019-03-27 15:45:04 +0200[diff] [blame]141 *candidates = first;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]142 return ret;
Jarno Lamsa03cd1202019-03-27 15:45:04 +0200[diff] [blame]143}
144#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
145
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]146int verify_fatal(void *data,
147 mbedtls_x509_crt *crt,
148 int certificate_depth,
149 uint32_t *flags)
Manuel Pégourié-Gonnard6b9d53f2017-05-23 12:26:58 +0200[diff] [blame]150{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]151 int *levels = (int *)data;
Manuel Pégourié-Gonnard6b9d53f2017-05-23 12:26:58 +0200[diff] [blame]152
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]153 ((void)crt);
154 ((void)certificate_depth);
Manuel Pégourié-Gonnard6b9d53f2017-05-23 12:26:58 +0200[diff] [blame]155
156 /* Simulate a fatal error in the callback */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]157 if (*levels & (1 << certificate_depth)) {
158 *flags |= (1 << certificate_depth);
159 return -1 - certificate_depth;
Manuel Pégourié-Gonnard6b9d53f2017-05-23 12:26:58 +0200[diff] [blame]160 }
161
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]162 return 0;
Manuel Pégourié-Gonnard6b9d53f2017-05-23 12:26:58 +0200[diff] [blame]163}
164
Manuel Pégourié-Gonnarda8838af2015-11-02 06:34:46 +0900[diff] [blame]165/* strsep() not available on Windows */
166char *mystrsep(char **stringp, const char *delim)
167{
168 const char *p;
169 char *ret = *stringp;
170
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]171 if (*stringp == NULL)
172 return NULL;
Manuel Pégourié-Gonnarda8838af2015-11-02 06:34:46 +0900[diff] [blame]173
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]174 for (;; (*stringp)++) {
175 if (**stringp == '\0') {
Manuel Pégourié-Gonnarda8838af2015-11-02 06:34:46 +0900[diff] [blame]176 *stringp = NULL;
177 goto done;
178 }
179
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]180 for (p = delim; *p != '\0'; p++)
181 if (**stringp == *p) {
Manuel Pégourié-Gonnarda8838af2015-11-02 06:34:46 +0900[diff] [blame]182 **stringp = '\0';
183 (*stringp)++;
184 goto done;
185 }
186 }
187
188done:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]189 return ret;
Manuel Pégourié-Gonnarda8838af2015-11-02 06:34:46 +0900[diff] [blame]190}
191
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]192#if defined(MBEDTLS_X509_CRT_PARSE_C)
193typedef struct {
194 char buf[512];
195 char *p;
196} verify_print_context;
197
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]198void verify_print_init(verify_print_context *ctx)
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]199{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]200 memset(ctx, 0, sizeof(verify_print_context));
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]201 ctx->p = ctx->buf;
202}
203
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]204int verify_print(void *data,
205 mbedtls_x509_crt *crt,
206 int certificate_depth,
207 uint32_t *flags)
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]208{
209 int ret;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]210 verify_print_context *ctx = (verify_print_context *)data;
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]211 char *p = ctx->p;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]212 size_t n = ctx->buf + sizeof(ctx->buf) - ctx->p;
213 ((void)flags);
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]214
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]215 ret = mbedtls_snprintf(p, n, "depth %d - serial ", certificate_depth);
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]216 MBEDTLS_X509_SAFE_SNPRINTF;
217
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]218 ret = mbedtls_x509_serial_gets(p, n, &crt->serial);
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]219 MBEDTLS_X509_SAFE_SNPRINTF;
220
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]221 ret = mbedtls_snprintf(p, n, " - subject ");
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]222 MBEDTLS_X509_SAFE_SNPRINTF;
223
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]224 ret = mbedtls_x509_dn_gets(p, n, &crt->subject);
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]225 MBEDTLS_X509_SAFE_SNPRINTF;
226
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]227 ret = mbedtls_snprintf(p, n, " - flags 0x%08x\n", *flags);
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]228 MBEDTLS_X509_SAFE_SNPRINTF;
229
230 ctx->p = p;
231
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]232 return 0;
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]233}
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]234
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]235int verify_parse_san(mbedtls_x509_subject_alternative_name *san,
236 char **buf,
237 size_t *size)
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]238{
239 int ret;
240 size_t i;
241 char *p = *buf;
242 size_t n = *size;
243
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]244 ret = mbedtls_snprintf(p, n, "type : %d", san->type);
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]245 MBEDTLS_X509_SAFE_SNPRINTF;
246
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]247 switch (san->type) {
248 case (MBEDTLS_X509_SAN_OTHER_NAME):
249 ret = mbedtls_snprintf(p, n, "\notherName :");
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]250 MBEDTLS_X509_SAFE_SNPRINTF;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]251
252 if (MBEDTLS_OID_CMP(
253 MBEDTLS_OID_ON_HW_MODULE_NAME,
254 &san->san.other_name.value.hardware_module_name.oid) != 0) {
255 ret = mbedtls_snprintf(p, n, " hardware module name :");
256 MBEDTLS_X509_SAFE_SNPRINTF;
257 ret = mbedtls_snprintf(p, n, " hardware type : ");
258 MBEDTLS_X509_SAFE_SNPRINTF;
259
260 ret = mbedtls_oid_get_numeric_string(
261 p, n, &san->san.other_name.value.hardware_module_name.oid);
262 MBEDTLS_X509_SAFE_SNPRINTF;
263
264 ret = mbedtls_snprintf(p, n, ", hardware serial number : ");
265 MBEDTLS_X509_SAFE_SNPRINTF;
266
267 if (san->san.other_name.value.hardware_module_name.val.len >=
268 n) {
269 *p = '\0';
270 return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
271 }
272
273 for (i = 0;
274 i < san->san.other_name.value.hardware_module_name.val.len;
275 i++) {
276 *p++ =
277 san->san.other_name.value.hardware_module_name.val.p[i];
278 }
279 n -= san->san.other_name.value.hardware_module_name.val.len;
280 }
281 break; /* MBEDTLS_OID_ON_HW_MODULE_NAME */
282 case (MBEDTLS_X509_SAN_DNS_NAME):
283 ret = mbedtls_snprintf(p, n, "\ndNSName : ");
284 MBEDTLS_X509_SAFE_SNPRINTF;
285 if (san->san.unstructured_name.len >= n) {
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]286 *p = '\0';
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]287 return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]288 }
289 n -= san->san.unstructured_name.len;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]290 for (i = 0; i < san->san.unstructured_name.len; i++)
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]291 *p++ = san->san.unstructured_name.p[i];
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]292 break; /* MBEDTLS_X509_SAN_DNS_NAME */
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]293
294 default:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]295 /*
296 * Should not happen.
297 */
298 return -1;
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]299 }
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]300 ret = mbedtls_snprintf(p, n, "\n");
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]301 MBEDTLS_X509_SAFE_SNPRINTF;
302
303 *size = n;
304 *buf = p;
305
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]306 return 0;
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]307}
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]308
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]309int parse_crt_ext_cb(void *p_ctx,
310 mbedtls_x509_crt const *crt,
311 mbedtls_x509_buf const *oid,
312 int critical,
313 const unsigned char *cp,
314 const unsigned char *end)
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]315{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]316 (void)crt;
317 (void)critical;
Nicola Di Lietoe58b4632020-05-29 22:58:25 +0200[diff] [blame]318 mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *)p_ctx;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]319 if (oid->tag == MBEDTLS_ASN1_OID &&
320 MBEDTLS_OID_CMP(MBEDTLS_OID_CERTIFICATE_POLICIES, oid) == 0) {
Nicola Di Lietoc84b1e62020-06-13 11:08:16 +0200[diff] [blame]321 /* Handle unknown certificate policy */
322 int ret, parse_ret = 0;
323 size_t len;
324 unsigned char **p = (unsigned char **)&cp;
325
326 /* Get main sequence tag */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]327 ret = mbedtls_asn1_get_tag(
328 p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
329 if (ret != 0)
330 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
Nicola Di Lietoc84b1e62020-06-13 11:08:16 +0200[diff] [blame]331
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]332 if (*p + len != end)
333 return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
334 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH));
Nicola Di Lietoc84b1e62020-06-13 11:08:16 +0200[diff] [blame]335
336 /*
337 * Cannot be an empty sequence.
338 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]339 if (len == 0)
340 return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
341 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH));
Nicola Di Lietoc84b1e62020-06-13 11:08:16 +0200[diff] [blame]342
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]343 while (*p < end) {
Nicola Di Lietoc84b1e62020-06-13 11:08:16 +0200[diff] [blame]344 const unsigned char *policy_end;
345
346 /*
347 * Get the policy sequence
348 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]349 if ((ret = mbedtls_asn1_get_tag(p, end, &len,
350 MBEDTLS_ASN1_CONSTRUCTED |
351 MBEDTLS_ASN1_SEQUENCE)) != 0)
352 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
353 ret);
Nicola Di Lietoc84b1e62020-06-13 11:08:16 +0200[diff] [blame]354
355 policy_end = *p + len;
356
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]357 if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
358 MBEDTLS_ASN1_OID)) != 0)
359 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
360 ret);
Nicola Di Lietoc84b1e62020-06-13 11:08:16 +0200[diff] [blame]361
Nicola Di Lietob77fad82020-06-17 17:57:36 +0200[diff] [blame]362 /*
363 * Recognize exclusively the policy with OID 1
364 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]365 if (len != 1 || *p[0] != 1)
Nicola Di Lietoc84b1e62020-06-13 11:08:16 +0200[diff] [blame]366 parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
367
368 *p += len;
369
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]370 /*
371 * If there is an optional qualifier, then *p < policy_end
372 * Check the Qualifier len to verify it doesn't exceed policy_end.
373 */
374 if (*p < policy_end) {
375 if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
376 MBEDTLS_ASN1_CONSTRUCTED |
377 MBEDTLS_ASN1_SEQUENCE)) !=
378 0)
379 return MBEDTLS_ERROR_ADD(
380 MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
Nicola Di Lietoc84b1e62020-06-13 11:08:16 +0200[diff] [blame]381 /*
382 * Skip the optional policy qualifiers.
383 */
384 *p += len;
385 }
386
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]387 if (*p != policy_end)
388 return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
389 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH));
Nicola Di Lietoc84b1e62020-06-13 11:08:16 +0200[diff] [blame]390 }
391
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]392 if (*p != end)
393 return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
394 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH));
Nicola Di Lietoc84b1e62020-06-13 11:08:16 +0200[diff] [blame]395
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]396 return parse_ret;
397 } else if (new_oid != NULL && new_oid->tag == oid->tag &&
398 new_oid->len == oid->len &&
399 memcmp(new_oid->p, oid->p, oid->len) == 0)
400 return 0;
Nicola Di Lietoc84b1e62020-06-13 11:08:16 +0200[diff] [blame]401 else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]402 return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
403 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG));
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]404}
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]405#endif /* MBEDTLS_X509_CRT_PARSE_C */
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]406/* END_HEADER */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]407
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]408/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]409 * depends_on:MBEDTLS_BIGNUM_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]410 * END_DEPENDENCIES
411 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]412
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]413/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]414void x509_parse_san(char *crt_file, char *result_str)
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]415{
Ron Eldor890819a2019-05-13 19:03:04 +0300[diff] [blame]416 int ret;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]417 mbedtls_x509_crt crt;
Ron Eldor890819a2019-05-13 19:03:04 +0300[diff] [blame]418 mbedtls_x509_subject_alternative_name san;
419 mbedtls_x509_sequence *cur = NULL;
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]420 char buf[2000];
421 char *p = buf;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]422 size_t n = sizeof(buf);
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]423
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]424 mbedtls_x509_crt_init(&crt);
425 memset(buf, 0, 2000);
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]426
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]427 TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
Ron Eldor890819a2019-05-13 19:03:04 +0300[diff] [blame]428
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]429 if (crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
Ron Eldor890819a2019-05-13 19:03:04 +0300[diff] [blame]430 cur = &crt.subject_alt_names;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]431 while (cur != NULL) {
432 ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san);
433 TEST_ASSERT(ret == 0 ||
434 ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE);
Ron Eldor890819a2019-05-13 19:03:04 +0300[diff] [blame]435 /*
436 * If san type not supported, ignore.
437 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]438 if (ret == 0)
439 TEST_ASSERT(verify_parse_san(&san, &p, &n) == 0);
Ron Eldor890819a2019-05-13 19:03:04 +0300[diff] [blame]440 cur = cur->next;
441 }
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]442 }
443
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]444 TEST_ASSERT(strcmp(buf, result_str) == 0);
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]445
446exit:
447
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]448 mbedtls_x509_crt_free(&crt);
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]449}
450/* END_CASE */
451
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]452/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_X509_CRT_PARSE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]453void x509_cert_info(char *crt_file, char *result_str)
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]454{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]455 mbedtls_x509_crt crt;
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]456 char buf[2000];
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]457 int res;
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]458
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]459 mbedtls_x509_crt_init(&crt);
460 memset(buf, 0, 2000);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]461
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]462 TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
463 res = mbedtls_x509_crt_info(buf, 2000, "", &crt);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]464
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]465 TEST_ASSERT(res != -1);
466 TEST_ASSERT(res != -2);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]467
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]468 TEST_ASSERT(strcmp(buf, result_str) == 0);
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]469
470exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]471 mbedtls_x509_crt_free(&crt);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]472}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]473/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]474
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]475/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]476void mbedtls_x509_crl_info(char *crl_file, char *result_str)
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]477{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]478 mbedtls_x509_crl crl;
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]479 char buf[2000];
Paul Bakker69998dd2009-07-11 19:15:20 +0000[diff] [blame]480 int res;
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]481
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]482 mbedtls_x509_crl_init(&crl);
483 memset(buf, 0, 2000);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]484
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]485 TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0);
486 res = mbedtls_x509_crl_info(buf, 2000, "", &crl);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]487
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]488 TEST_ASSERT(res != -1);
489 TEST_ASSERT(res != -2);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]490
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]491 TEST_ASSERT(strcmp(buf, result_str) == 0);
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]492
493exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]494 mbedtls_x509_crl_free(&crl);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]495}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]496/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]497
Andres AGa39db392016-12-08 17:10:38 +0000[diff] [blame]498/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]499void mbedtls_x509_crl_parse(char *crl_file, int result)
Andres AGa39db392016-12-08 17:10:38 +0000[diff] [blame]500{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]501 mbedtls_x509_crl crl;
Andres AGa39db392016-12-08 17:10:38 +0000[diff] [blame]502 char buf[2000];
503
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]504 mbedtls_x509_crl_init(&crl);
505 memset(buf, 0, 2000);
Andres AGa39db392016-12-08 17:10:38 +0000[diff] [blame]506
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]507 TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == result);
Andres AGa39db392016-12-08 17:10:38 +0000[diff] [blame]508
509exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]510 mbedtls_x509_crl_free(&crl);
Andres AGa39db392016-12-08 17:10:38 +0000[diff] [blame]511}
512/* END_CASE */
513
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]514/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]515void mbedtls_x509_csr_info(char *csr_file, char *result_str)
Manuel Pégourié-Gonnard2a8d7fd2014-01-24 17:34:26 +0100[diff] [blame]516{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]517 mbedtls_x509_csr csr;
Manuel Pégourié-Gonnard2a8d7fd2014-01-24 17:34:26 +0100[diff] [blame]518 char buf[2000];
519 int res;
520
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]521 mbedtls_x509_csr_init(&csr);
522 memset(buf, 0, 2000);
Manuel Pégourié-Gonnard2a8d7fd2014-01-24 17:34:26 +0100[diff] [blame]523
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]524 TEST_ASSERT(mbedtls_x509_csr_parse_file(&csr, csr_file) == 0);
525 res = mbedtls_x509_csr_info(buf, 2000, "", &csr);
Manuel Pégourié-Gonnard2a8d7fd2014-01-24 17:34:26 +0100[diff] [blame]526
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]527 TEST_ASSERT(res != -1);
528 TEST_ASSERT(res != -2);
Manuel Pégourié-Gonnard2a8d7fd2014-01-24 17:34:26 +0100[diff] [blame]529
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]530 TEST_ASSERT(strcmp(buf, result_str) == 0);
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]531
532exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]533 mbedtls_x509_csr_free(&csr);
Manuel Pégourié-Gonnard2a8d7fd2014-01-24 17:34:26 +0100[diff] [blame]534}
535/* END_CASE */
536
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]537/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]538void x509_verify_info(int flags, char *prefix, char *result_str)
Manuel Pégourié-Gonnardb5f48ad2015-04-20 10:38:13 +0100[diff] [blame]539{
540 char buf[2000];
541 int res;
542
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]543 memset(buf, 0, sizeof(buf));
Manuel Pégourié-Gonnardb5f48ad2015-04-20 10:38:13 +0100[diff] [blame]544
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]545 res = mbedtls_x509_crt_verify_info(buf, sizeof(buf), prefix, flags);
Manuel Pégourié-Gonnardb5f48ad2015-04-20 10:38:13 +0100[diff] [blame]546
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]547 TEST_ASSERT(res >= 0);
Manuel Pégourié-Gonnardb5f48ad2015-04-20 10:38:13 +0100[diff] [blame]548
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]549 TEST_ASSERT(strcmp(buf, result_str) == 0);
Manuel Pégourié-Gonnardb5f48ad2015-04-20 10:38:13 +0100[diff] [blame]550}
551/* END_CASE */
552
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]553/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]554void x509_verify_restart(char *crt_file,
555 char *ca_file,
556 int result,
557 int flags_result,
558 int max_ops,
559 int min_restart,
560 int max_restart)
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]561{
562 int ret, cnt_restart;
563 mbedtls_x509_crt_restart_ctx rs_ctx;
564 mbedtls_x509_crt crt;
565 mbedtls_x509_crt ca;
566 uint32_t flags = 0;
567
Manuel Pégourié-Gonnard8b590492017-08-14 18:04:19 +0200[diff] [blame]568 /*
569 * See comments on ecp_test_vect_restart() for op count precision.
570 *
571 * For reference, with mbed TLS 2.6 and default settings:
572 * - ecdsa_verify() for P-256: ~ 6700
573 * - ecdsa_verify() for P-384: ~ 18800
574 * - x509_verify() for server5 -> test-ca2: ~ 18800
575 * - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500
576 */
577
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]578 mbedtls_x509_crt_restart_init(&rs_ctx);
579 mbedtls_x509_crt_init(&crt);
580 mbedtls_x509_crt_init(&ca);
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]581
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]582 TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
583 TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]584
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]585 mbedtls_ecp_set_max_ops(max_ops);
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]586
587 cnt_restart = 0;
588 do {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]589 ret = mbedtls_x509_crt_verify_restartable(
590 &crt, &ca, NULL, &mbedtls_x509_crt_profile_default, NULL, &flags,
591 NULL, NULL, &rs_ctx);
592 } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]593
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]594 TEST_ASSERT(ret == result);
595 TEST_ASSERT(flags == (uint32_t)flags_result);
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]596
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]597 TEST_ASSERT(cnt_restart >= min_restart);
598 TEST_ASSERT(cnt_restart <= max_restart);
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]599
600 /* Do we leak memory when aborting? */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]601 ret = mbedtls_x509_crt_verify_restartable(&crt, &ca, NULL,
602 &mbedtls_x509_crt_profile_default,
603 NULL, &flags, NULL, NULL,
604 &rs_ctx);
605 TEST_ASSERT(ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]606
607exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]608 mbedtls_x509_crt_restart_free(&rs_ctx);
609 mbedtls_x509_crt_free(&crt);
610 mbedtls_x509_crt_free(&ca);
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]611}
612/* END_CASE */
613
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]614/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]615void x509_verify(char *crt_file,
616 char *ca_file,
617 char *crl_file,
618 char *cn_name_str,
619 int result,
620 int flags_result,
621 char *profile_str,
622 char *verify_callback)
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]623{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]624 mbedtls_x509_crt crt;
625 mbedtls_x509_crt ca;
626 mbedtls_x509_crl crl;
627 uint32_t flags = 0;
628 int res;
Manuel Pégourié-Gonnarde6ef16f2015-05-11 19:54:43 +0200[diff] [blame]629 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]630 char *cn_name = NULL;
Gilles Peskineef86ab22017-05-05 18:59:02 +0200[diff] [blame]631 const mbedtls_x509_crt_profile *profile;
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]632
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]633 mbedtls_x509_crt_init(&crt);
634 mbedtls_x509_crt_init(&ca);
635 mbedtls_x509_crl_init(&crl);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]636
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]637 USE_PSA_INIT();
Gilles Peskine9de97e22021-02-02 21:00:11 +0100[diff] [blame]638
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]639 if (strcmp(cn_name_str, "NULL") != 0)
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]640 cn_name = cn_name_str;
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]641
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]642 if (strcmp(profile_str, "") == 0)
Gilles Peskineef86ab22017-05-05 18:59:02 +0200[diff] [blame]643 profile = &mbedtls_x509_crt_profile_default;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]644 else if (strcmp(profile_str, "next") == 0)
Ron Eldorc1539982018-02-06 18:47:17 +0200[diff] [blame]645 profile = &mbedtls_x509_crt_profile_next;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]646 else if (strcmp(profile_str, "suite_b") == 0)
Ron Eldorc1539982018-02-06 18:47:17 +0200[diff] [blame]647 profile = &mbedtls_x509_crt_profile_suiteb;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]648 else if (strcmp(profile_str, "compat") == 0)
Gilles Peskineef86ab22017-05-05 18:59:02 +0200[diff] [blame]649 profile = &compat_profile;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]650 else if (strcmp(profile_str, "all") == 0)
Hanno Becker20a4ade2019-06-03 14:27:03 +0100[diff] [blame]651 profile = &profile_all;
Gilles Peskineef86ab22017-05-05 18:59:02 +0200[diff] [blame]652 else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]653 TEST_ASSERT("Unknown algorithm profile" == 0);
Gilles Peskineef86ab22017-05-05 18:59:02 +0200[diff] [blame]654
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]655 if (strcmp(verify_callback, "NULL") == 0)
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]656 f_vrfy = NULL;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]657 else if (strcmp(verify_callback, "verify_none") == 0)
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]658 f_vrfy = verify_none;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]659 else if (strcmp(verify_callback, "verify_all") == 0)
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]660 f_vrfy = verify_all;
661 else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]662 TEST_ASSERT("No known verify callback selected" == 0);
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]663
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]664 TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
665 TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
666 TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]667
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]668 res = mbedtls_x509_crt_verify_with_profile(&crt, &ca, &crl, profile,
669 cn_name, &flags, f_vrfy, NULL);
Manuel Pégourié-Gonnard65eefc82015-10-23 14:08:48 +0200[diff] [blame]670
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]671 TEST_ASSERT(res == (result));
672 TEST_ASSERT(flags == (uint32_t)(flags_result));
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]673
Jarno Lamsa03cd1202019-03-27 15:45:04 +0200[diff] [blame]674#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
Hanno Becker0350d562019-03-28 14:23:36 +0000[diff] [blame]675 /* CRLs aren't supported with CA callbacks, so skip the CA callback
Jarno Lamsadfd22c42019-04-01 15:18:53 +0300[diff] [blame]676 * version of the test if CRLs are in use. */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]677 if (crl_file == NULL || strcmp(crl_file, "") == 0) {
Hanno Becker0350d562019-03-28 14:23:36 +0000[diff] [blame]678 flags = 0;
Jarno Lamsa03cd1202019-03-27 15:45:04 +0200[diff] [blame]679
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]680 res = mbedtls_x509_crt_verify_with_ca_cb(
681 &crt, ca_callback, &ca, profile, cn_name, &flags, f_vrfy, NULL);
Jarno Lamsa03cd1202019-03-27 15:45:04 +0200[diff] [blame]682
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]683 TEST_ASSERT(res == (result));
684 TEST_ASSERT(flags == (uint32_t)(flags_result));
Hanno Becker0350d562019-03-28 14:23:36 +0000[diff] [blame]685 }
Jarno Lamsa03cd1202019-03-27 15:45:04 +0200[diff] [blame]686#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]687exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]688 mbedtls_x509_crt_free(&crt);
689 mbedtls_x509_crt_free(&ca);
690 mbedtls_x509_crl_free(&crl);
691 USE_PSA_DONE();
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]692}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]693/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]694
Jarno Lamsa557426a2019-03-27 17:08:29 +0200[diff] [blame]695/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]696void x509_verify_ca_cb_failure(char *crt_file,
697 char *ca_file,
698 char *name,
699 int exp_ret)
Jarno Lamsa557426a2019-03-27 17:08:29 +0200[diff] [blame]700{
701 int ret;
702 mbedtls_x509_crt crt;
703 mbedtls_x509_crt ca;
704 uint32_t flags = 0;
Hanno Becker3f932bb2019-03-28 17:06:47 +0000[diff] [blame]705
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]706 mbedtls_x509_crt_init(&crt);
707 mbedtls_x509_crt_init(&ca);
Jarno Lamsa557426a2019-03-27 17:08:29 +0200[diff] [blame]708
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]709 TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
710 TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
Jarno Lamsa557426a2019-03-27 17:08:29 +0200[diff] [blame]711
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]712 if (strcmp(name, "NULL") == 0)
Jarno Lamsa557426a2019-03-27 17:08:29 +0200[diff] [blame]713 name = NULL;
Hanno Beckercbb59032019-03-28 14:14:22 +0000[diff] [blame]714
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]715 ret = mbedtls_x509_crt_verify_with_ca_cb(
716 &crt, ca_callback_fail, &ca, &compat_profile, name, &flags, NULL, NULL);
Jarno Lamsa557426a2019-03-27 17:08:29 +0200[diff] [blame]717
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]718 TEST_ASSERT(ret == exp_ret);
719 TEST_ASSERT(flags == (uint32_t)(-1));
Jarno Lamsa557426a2019-03-27 17:08:29 +0200[diff] [blame]720exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]721 mbedtls_x509_crt_free(&crt);
722 mbedtls_x509_crt_free(&ca);
Jarno Lamsa557426a2019-03-27 17:08:29 +0200[diff] [blame]723}
724/* END_CASE */
725
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]726/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]727void x509_verify_callback(char *crt_file,
728 char *ca_file,
729 char *name,
730 int exp_ret,
731 char *exp_vrfy_out)
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]732{
733 int ret;
734 mbedtls_x509_crt crt;
735 mbedtls_x509_crt ca;
736 uint32_t flags = 0;
737 verify_print_context vrfy_ctx;
738
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]739 mbedtls_x509_crt_init(&crt);
740 mbedtls_x509_crt_init(&ca);
741 verify_print_init(&vrfy_ctx);
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]742
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]743 USE_PSA_INIT();
Gilles Peskine9de97e22021-02-02 21:00:11 +0100[diff] [blame]744
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]745 TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
746 TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]747
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]748 if (strcmp(name, "NULL") == 0)
Manuel Pégourié-Gonnarda6568252017-07-05 18:14:38 +0200[diff] [blame]749 name = NULL;
750
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]751 ret = mbedtls_x509_crt_verify_with_profile(&crt, &ca, NULL, &compat_profile,
752 name, &flags, verify_print,
753 &vrfy_ctx);
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]754
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]755 TEST_ASSERT(ret == exp_ret);
756 TEST_ASSERT(strcmp(vrfy_ctx.buf, exp_vrfy_out) == 0);
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]757
758exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]759 mbedtls_x509_crt_free(&crt);
760 mbedtls_x509_crt_free(&ca);
761 USE_PSA_DONE();
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +0200[diff] [blame]762}
763/* END_CASE */
764
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]765/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]766void mbedtls_x509_dn_gets(char *crt_file, char *entity, char *result_str)
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]767{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]768 mbedtls_x509_crt crt;
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]769 char buf[2000];
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]770 int res = 0;
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]771
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]772 mbedtls_x509_crt_init(&crt);
773 memset(buf, 0, 2000);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]774
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]775 TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
776 if (strcmp(entity, "subject") == 0)
777 res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject);
778 else if (strcmp(entity, "issuer") == 0)
779 res = mbedtls_x509_dn_gets(buf, 2000, &crt.issuer);
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]780 else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]781 TEST_ASSERT("Unknown entity" == 0);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]782
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]783 TEST_ASSERT(res != -1);
784 TEST_ASSERT(res != -2);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]785
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]786 TEST_ASSERT(strcmp(buf, result_str) == 0);
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]787
788exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]789 mbedtls_x509_crt_free(&crt);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]790}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]791/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]792
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]793/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]794void mbedtls_x509_time_is_past(char *crt_file, char *entity, int result)
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]795{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]796 mbedtls_x509_crt crt;
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]797
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]798 mbedtls_x509_crt_init(&crt);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]799
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]800 TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]801
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]802 if (strcmp(entity, "valid_from") == 0)
803 TEST_ASSERT(mbedtls_x509_time_is_past(&crt.valid_from) == result);
804 else if (strcmp(entity, "valid_to") == 0)
805 TEST_ASSERT(mbedtls_x509_time_is_past(&crt.valid_to) == result);
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]806 else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]807 TEST_ASSERT("Unknown entity" == 0);
Paul Bakkerb08e6842012-02-11 18:43:20 +0000[diff] [blame]808
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]809exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]810 mbedtls_x509_crt_free(&crt);
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]811}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]812/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000[diff] [blame]813
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]814/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]815void mbedtls_x509_time_is_future(char *crt_file, char *entity, int result)
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]816{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]817 mbedtls_x509_crt crt;
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]818
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]819 mbedtls_x509_crt_init(&crt);
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]820
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]821 TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]822
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]823 if (strcmp(entity, "valid_from") == 0)
824 TEST_ASSERT(mbedtls_x509_time_is_future(&crt.valid_from) == result);
825 else if (strcmp(entity, "valid_to") == 0)
826 TEST_ASSERT(mbedtls_x509_time_is_future(&crt.valid_to) == result);
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]827 else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]828 TEST_ASSERT("Unknown entity" == 0);
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]829
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]830exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]831 mbedtls_x509_crt_free(&crt);
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]832}
833/* END_CASE */
834
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]835/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]836void x509parse_crt_file(char *crt_file, int result)
Paul Bakker5a5fa922014-09-26 14:53:04 +0200[diff] [blame]837{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]838 mbedtls_x509_crt crt;
Paul Bakker5a5fa922014-09-26 14:53:04 +0200[diff] [blame]839
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]840 mbedtls_x509_crt_init(&crt);
Paul Bakker5a5fa922014-09-26 14:53:04 +0200[diff] [blame]841
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]842 TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == result);
Paul Bakker5a5fa922014-09-26 14:53:04 +0200[diff] [blame]843
844exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]845 mbedtls_x509_crt_free(&crt);
Paul Bakker5a5fa922014-09-26 14:53:04 +0200[diff] [blame]846}
847/* END_CASE */
848
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]849/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]850void x509parse_crt(data_t *buf, char *result_str, int result)
Paul Bakkerb2c38f52009-07-19 19:36:15 +0000[diff] [blame]851{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]852 mbedtls_x509_crt crt;
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]853#if !defined(MBEDTLS_X509_REMOVE_INFO)
Hanno Beckerfff2d572020-10-09 09:45:19 +0100[diff] [blame]854 unsigned char output[2000] = { 0 };
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]855 int res;
Hanno Beckerb4e5ddc2020-10-09 09:36:01 +0100[diff] [blame]856#else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]857 ((void)result_str);
Peter Kolbus9a969b62018-12-11 13:55:56 -0600[diff] [blame]858#endif
Paul Bakkerb2c38f52009-07-19 19:36:15 +0000[diff] [blame]859
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]860 mbedtls_x509_crt_init(&crt);
Paul Bakkerb2c38f52009-07-19 19:36:15 +0000[diff] [blame]861
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]862 TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == (result));
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]863#if !defined(MBEDTLS_X509_REMOVE_INFO)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]864 if ((result) == 0) {
865 res = mbedtls_x509_crt_info((char *)output, 2000, "", &crt);
866 TEST_ASSERT(res != -1);
867 TEST_ASSERT(res != -2);
Hanno Becker2d8a2c02019-01-31 09:15:53 +0000[diff] [blame]868
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]869 TEST_ASSERT(strcmp((char *)output, result_str) == 0);
Hanno Becker2d8a2c02019-01-31 09:15:53 +0000[diff] [blame]870 }
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]871 memset(output, 0, 2000);
Peter Kolbus9a969b62018-12-11 13:55:56 -0600[diff] [blame]872#endif
Hanno Becker2d8a2c02019-01-31 09:15:53 +0000[diff] [blame]873
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]874 mbedtls_x509_crt_free(&crt);
875 mbedtls_x509_crt_init(&crt);
Hanno Becker2d8a2c02019-01-31 09:15:53 +0000[diff] [blame]876
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]877 TEST_ASSERT(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len) ==
878 (result));
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]879#if !defined(MBEDTLS_X509_REMOVE_INFO)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]880 if ((result) == 0) {
881 memset(output, 0, 2000);
Peter Kolbus9a969b62018-12-11 13:55:56 -0600[diff] [blame]882
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]883 res = mbedtls_x509_crt_info((char *)output, 2000, "", &crt);
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]884
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]885 TEST_ASSERT(res != -1);
886 TEST_ASSERT(res != -2);
Paul Bakkerb2c38f52009-07-19 19:36:15 +0000[diff] [blame]887
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]888 TEST_ASSERT(strcmp((char *)output, result_str) == 0);
Paul Bakkerb2c38f52009-07-19 19:36:15 +0000[diff] [blame]889 }
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]890 memset(output, 0, 2000);
Hanno Beckerb4e5ddc2020-10-09 09:36:01 +0100[diff] [blame]891#endif /* !MBEDTLS_X509_REMOVE_INFO */
Paul Bakkerb08e6842012-02-11 18:43:20 +0000[diff] [blame]892
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]893 mbedtls_x509_crt_free(&crt);
894 mbedtls_x509_crt_init(&crt);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]895
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]896 TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(
897 &crt, buf->x, buf->len, 0, NULL, NULL) == (result));
Hanno Beckerb4e5ddc2020-10-09 09:36:01 +0100[diff] [blame]898#if !defined(MBEDTLS_X509_REMOVE_INFO)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]899 if ((result) == 0) {
900 res = mbedtls_x509_crt_info((char *)output, 2000, "", &crt);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]901
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]902 TEST_ASSERT(res != -1);
903 TEST_ASSERT(res != -2);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]904
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]905 TEST_ASSERT(strcmp((char *)output, result_str) == 0);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]906 }
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]907 memset(output, 0, 2000);
Hanno Beckerb4e5ddc2020-10-09 09:36:01 +0100[diff] [blame]908#endif /* !MBEDTLS_X509_REMOVE_INFO */
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]909
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]910 mbedtls_x509_crt_free(&crt);
911 mbedtls_x509_crt_init(&crt);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]912
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]913 TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(
914 &crt, buf->x, buf->len, 1, NULL, NULL) == (result));
Hanno Beckerb4e5ddc2020-10-09 09:36:01 +0100[diff] [blame]915#if !defined(MBEDTLS_X509_REMOVE_INFO)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]916 if ((result) == 0) {
917 res = mbedtls_x509_crt_info((char *)output, 2000, "", &crt);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]918
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]919 TEST_ASSERT(res != -1);
920 TEST_ASSERT(res != -2);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]921
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]922 TEST_ASSERT(strcmp((char *)output, result_str) == 0);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]923 }
Hanno Beckerb4e5ddc2020-10-09 09:36:01 +0100[diff] [blame]924#endif /* !MBEDTLS_X509_REMOVE_INFO */
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]925
926exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]927 mbedtls_x509_crt_free(&crt);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]928}
929/* END_CASE */
930
931/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]932void x509parse_crt_cb(data_t *buf, char *result_str, int result)
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]933{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]934 mbedtls_x509_crt crt;
935 mbedtls_x509_buf oid;
Hanno Beckerfff2d572020-10-09 09:45:19 +0100[diff] [blame]936
937#if !defined(MBEDTLS_X509_REMOVE_INFO)
938 unsigned char output[2000] = { 0 };
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]939 int res;
Hanno Beckerfff2d572020-10-09 09:45:19 +0100[diff] [blame]940#else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]941 ((void)result_str);
Hanno Beckerfff2d572020-10-09 09:45:19 +0100[diff] [blame]942#endif
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]943
Nicola Di Lietoe58b4632020-05-29 22:58:25 +0200[diff] [blame]944 oid.tag = MBEDTLS_ASN1_OID;
945 oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKIX "\x01\x1F");
946 oid.p = (unsigned char *)MBEDTLS_OID_PKIX "\x01\x1F";
947
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]948 mbedtls_x509_crt_init(&crt);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]949
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]950 TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len,
951 0, parse_crt_ext_cb,
952 &oid) == (result));
Hanno Beckerfff2d572020-10-09 09:45:19 +0100[diff] [blame]953#if !defined(MBEDTLS_X509_REMOVE_INFO)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]954 if ((result) == 0) {
955 res = mbedtls_x509_crt_info((char *)output, 2000, "", &crt);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]956
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]957 TEST_ASSERT(res != -1);
958 TEST_ASSERT(res != -2);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]959
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]960 TEST_ASSERT(strcmp((char *)output, result_str) == 0);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]961 }
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]962 memset(output, 0, 2000);
Hanno Beckerfff2d572020-10-09 09:45:19 +0100[diff] [blame]963#endif /* !MBEDTLS_X509_REMOVE_INFO */
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]964
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]965 mbedtls_x509_crt_free(&crt);
966 mbedtls_x509_crt_init(&crt);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]967
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]968 TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len,
969 1, parse_crt_ext_cb,
970 &oid) == (result));
Hanno Beckerfff2d572020-10-09 09:45:19 +0100[diff] [blame]971#if !defined(MBEDTLS_X509_REMOVE_INFO)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]972 if ((result) == 0) {
973 res = mbedtls_x509_crt_info((char *)output, 2000, "", &crt);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]974
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]975 TEST_ASSERT(res != -1);
976 TEST_ASSERT(res != -2);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]977
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]978 TEST_ASSERT(strcmp((char *)output, result_str) == 0);
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]979 }
Hanno Beckerfff2d572020-10-09 09:45:19 +0100[diff] [blame]980#endif /* !MBEDTLS_X509_REMOVE_INFO */
Nicola Di Lieto17bb60c2020-05-28 23:04:15 +0200[diff] [blame]981
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]982exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]983 mbedtls_x509_crt_free(&crt);
Paul Bakkerb2c38f52009-07-19 19:36:15 +0000[diff] [blame]984}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]985/* END_CASE */
Paul Bakkerb2c38f52009-07-19 19:36:15 +0000[diff] [blame]986
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]987/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]988void x509parse_crl(data_t *buf, char *result_str, int result)
Paul Bakker6b0fa4f2009-07-20 20:35:41 +0000[diff] [blame]989{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]990 mbedtls_x509_crl crl;
Paul Bakker6b0fa4f2009-07-20 20:35:41 +0000[diff] [blame]991 unsigned char output[2000];
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]992 int res;
Paul Bakker6b0fa4f2009-07-20 20:35:41 +0000[diff] [blame]993
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]994 mbedtls_x509_crl_init(&crl);
995 memset(output, 0, 2000);
Paul Bakker6b0fa4f2009-07-20 20:35:41 +0000[diff] [blame]996
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]997 TEST_ASSERT(mbedtls_x509_crl_parse(&crl, buf->x, buf->len) == (result));
998 if ((result) == 0) {
999 res = mbedtls_x509_crl_info((char *)output, 2000, "", &crl);
Paul Bakker6b0fa4f2009-07-20 20:35:41 +0000[diff] [blame]1000
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1001 TEST_ASSERT(res != -1);
1002 TEST_ASSERT(res != -2);
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1003
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1004 TEST_ASSERT(strcmp((char *)output, result_str) == 0);
Paul Bakker6b0fa4f2009-07-20 20:35:41 +0000[diff] [blame]1005 }
Paul Bakkerb08e6842012-02-11 18:43:20 +0000[diff] [blame]1006
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1007exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1008 mbedtls_x509_crl_free(&crl);
Paul Bakker6b0fa4f2009-07-20 20:35:41 +0000[diff] [blame]1009}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1010/* END_CASE */
Paul Bakker6b0fa4f2009-07-20 20:35:41 +0000[diff] [blame]1011
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]1012/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1013void mbedtls_x509_csr_parse(data_t *csr_der, char *ref_out, int ref_ret)
Manuel Pégourié-Gonnardd77cd5d2014-06-13 11:13:15 +0200[diff] [blame]1014{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1015 mbedtls_x509_csr csr;
Manuel Pégourié-Gonnardd77cd5d2014-06-13 11:13:15 +0200[diff] [blame]1016 char my_out[1000];
Manuel Pégourié-Gonnardd77cd5d2014-06-13 11:13:15 +0200[diff] [blame]1017 int my_ret;
1018
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1019 mbedtls_x509_csr_init(&csr);
1020 memset(my_out, 0, sizeof(my_out));
Manuel Pégourié-Gonnardd77cd5d2014-06-13 11:13:15 +0200[diff] [blame]1021
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1022 my_ret = mbedtls_x509_csr_parse_der(&csr, csr_der->x, csr_der->len);
1023 TEST_ASSERT(my_ret == ref_ret);
Manuel Pégourié-Gonnardd77cd5d2014-06-13 11:13:15 +0200[diff] [blame]1024
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1025 if (ref_ret == 0) {
1026 size_t my_out_len =
1027 mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
1028 TEST_ASSERT(my_out_len == strlen(ref_out));
1029 TEST_ASSERT(strcmp(my_out, ref_out) == 0);
Manuel Pégourié-Gonnardd77cd5d2014-06-13 11:13:15 +0200[diff] [blame]1030 }
1031
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1032exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1033 mbedtls_x509_csr_free(&csr);
Manuel Pégourié-Gonnardd77cd5d2014-06-13 11:13:15 +0200[diff] [blame]1034}
1035/* END_CASE */
1036
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1037/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1038void mbedtls_x509_crt_parse_path(char *crt_path, int ret, int nb_crt)
Manuel Pégourié-Gonnardfbae2a12013-11-26 16:43:39 +0100[diff] [blame]1039{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1040 mbedtls_x509_crt chain, *cur;
Manuel Pégourié-Gonnardfbae2a12013-11-26 16:43:39 +0100[diff] [blame]1041 int i;
1042
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1043 mbedtls_x509_crt_init(&chain);
Manuel Pégourié-Gonnardfbae2a12013-11-26 16:43:39 +0100[diff] [blame]1044
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1045 TEST_ASSERT(mbedtls_x509_crt_parse_path(&chain, crt_path) == ret);
Manuel Pégourié-Gonnardfbae2a12013-11-26 16:43:39 +0100[diff] [blame]1046
1047 /* Check how many certs we got */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1048 for (i = 0, cur = &chain; cur != NULL; cur = cur->next)
1049 if (cur->raw.p != NULL)
Manuel Pégourié-Gonnardfbae2a12013-11-26 16:43:39 +0100[diff] [blame]1050 i++;
1051
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1052 TEST_ASSERT(i == nb_crt);
Manuel Pégourié-Gonnardfbae2a12013-11-26 16:43:39 +0100[diff] [blame]1053
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1054exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1055 mbedtls_x509_crt_free(&chain);
Manuel Pégourié-Gonnardfbae2a12013-11-26 16:43:39 +0100[diff] [blame]1056}
1057/* END_CASE */
1058
Janos Follath822b2c32015-10-11 10:25:22 +0200[diff] [blame]1059/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1060void mbedtls_x509_crt_verify_max(char *ca_file,
1061 char *chain_dir,
1062 int nb_int,
1063 int ret_chk,
1064 int flags_chk)
Manuel Pégourié-Gonnard1beb0482017-06-05 13:49:44 +0200[diff] [blame]1065{
1066 char file_buf[128];
1067 int ret;
1068 uint32_t flags;
1069 mbedtls_x509_crt trusted, chain;
1070
1071 /*
1072 * We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
1073 * with NN.crt signed by NN-1.crt
1074 */
1075
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1076 mbedtls_x509_crt_init(&trusted);
1077 mbedtls_x509_crt_init(&chain);
Manuel Pégourié-Gonnard1beb0482017-06-05 13:49:44 +0200[diff] [blame]1078
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1079 USE_PSA_INIT();
Gilles Peskine9de97e22021-02-02 21:00:11 +0100[diff] [blame]1080
Manuel Pégourié-Gonnard1beb0482017-06-05 13:49:44 +0200[diff] [blame]1081 /* Load trusted root */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1082 TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, ca_file) == 0);
Manuel Pégourié-Gonnard1beb0482017-06-05 13:49:44 +0200[diff] [blame]1083
1084 /* Load a chain with nb_int intermediates (from 01 to nb_int),
1085 * plus one "end-entity" cert (nb_int + 1) */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1086 ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem",
1087 chain_dir, nb_int + 1);
1088 TEST_ASSERT(ret > 0 && (size_t)ret < sizeof(file_buf));
1089 TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, file_buf) == 0);
Manuel Pégourié-Gonnard1beb0482017-06-05 13:49:44 +0200[diff] [blame]1090
1091 /* Try to verify that chain */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1092 ret = mbedtls_x509_crt_verify(&chain, &trusted, NULL, NULL, &flags, NULL,
1093 NULL);
1094 TEST_ASSERT(ret == ret_chk);
1095 TEST_ASSERT(flags == (uint32_t)flags_chk);
Manuel Pégourié-Gonnard1beb0482017-06-05 13:49:44 +0200[diff] [blame]1096
1097exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1098 mbedtls_x509_crt_free(&chain);
1099 mbedtls_x509_crt_free(&trusted);
1100 USE_PSA_DONE();
Manuel Pégourié-Gonnard1beb0482017-06-05 13:49:44 +0200[diff] [blame]1101}
1102/* END_CASE */
1103
1104/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1105void mbedtls_x509_crt_verify_chain(char *chain_paths,
1106 char *trusted_ca,
1107 int flags_result,
1108 int result,
1109 char *profile_name,
1110 int vrfy_fatal_lvls)
Janos Follath822b2c32015-10-11 10:25:22 +0200[diff] [blame]1111{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1112 char *act;
Janos Follath822b2c32015-10-11 10:25:22 +0200[diff] [blame]1113 uint32_t flags;
Manuel Pégourié-Gonnarde54931f2017-05-22 12:04:25 +0200[diff] [blame]1114 int res;
Manuel Pégourié-Gonnarde670f902015-10-30 09:23:19 +0100[diff] [blame]1115 mbedtls_x509_crt trusted, chain;
Manuel Pégourié-Gonnarde54931f2017-05-22 12:04:25 +0200[diff] [blame]1116 const mbedtls_x509_crt_profile *profile = NULL;
Janos Follathef4f2582015-10-11 16:17:27 +0200[diff] [blame]1117
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1118 mbedtls_x509_crt_init(&chain);
1119 mbedtls_x509_crt_init(&trusted);
Janos Follath822b2c32015-10-11 10:25:22 +0200[diff] [blame]1120
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1121 USE_PSA_INIT();
Gilles Peskine9de97e22021-02-02 21:00:11 +0100[diff] [blame]1122
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1123 while ((act = mystrsep(&chain_paths, " ")) != NULL)
1124 TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, act) == 0);
1125 TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, trusted_ca) == 0);
Janos Follath822b2c32015-10-11 10:25:22 +0200[diff] [blame]1126
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1127 if (strcmp(profile_name, "") == 0)
Manuel Pégourié-Gonnarde54931f2017-05-22 12:04:25 +0200[diff] [blame]1128 profile = &mbedtls_x509_crt_profile_default;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1129 else if (strcmp(profile_name, "next") == 0)
Manuel Pégourié-Gonnarde54931f2017-05-22 12:04:25 +0200[diff] [blame]1130 profile = &mbedtls_x509_crt_profile_next;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1131 else if (strcmp(profile_name, "suiteb") == 0)
Manuel Pégourié-Gonnarde54931f2017-05-22 12:04:25 +0200[diff] [blame]1132 profile = &mbedtls_x509_crt_profile_suiteb;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1133 else if (strcmp(profile_name, "rsa3072") == 0)
Manuel Pégourié-Gonnard6622fed2017-05-23 11:29:29 +0200[diff] [blame]1134 profile = &profile_rsa3072;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1135 else if (strcmp(profile_name, "sha512") == 0)
Manuel Pégourié-Gonnard6622fed2017-05-23 11:29:29 +0200[diff] [blame]1136 profile = &profile_sha512;
Manuel Pégourié-Gonnarde54931f2017-05-22 12:04:25 +0200[diff] [blame]1137
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1138 res = mbedtls_x509_crt_verify_with_profile(&chain, &trusted, NULL, profile,
1139 NULL, &flags, verify_fatal,
1140 &vrfy_fatal_lvls);
Janos Follathef4f2582015-10-11 16:17:27 +0200[diff] [blame]1141
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1142 TEST_ASSERT(res == (result));
1143 TEST_ASSERT(flags == (uint32_t)(flags_result));
Janos Follath822b2c32015-10-11 10:25:22 +0200[diff] [blame]1144
1145exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1146 mbedtls_x509_crt_free(&trusted);
1147 mbedtls_x509_crt_free(&chain);
1148 USE_PSA_DONE();
Janos Follath822b2c32015-10-11 10:25:22 +0200[diff] [blame]1149}
1150/* END_CASE */
1151
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]1152/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C:!MBEDTLS_X509_REMOVE_INFO */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1153void x509_oid_desc(data_t *buf, char *ref_desc)
Manuel Pégourié-Gonnard7afdb882014-03-28 16:06:35 +0100[diff] [blame]1154{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1155 mbedtls_x509_buf oid;
Manuel Pégourié-Gonnard48d3cef2015-03-20 18:14:26 +0000[diff] [blame]1156 const char *desc = NULL;
Manuel Pégourié-Gonnard48d3cef2015-03-20 18:14:26 +0000[diff] [blame]1157 int ret;
Manuel Pégourié-Gonnard7afdb882014-03-28 16:06:35 +0100[diff] [blame]1158
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1159 oid.tag = MBEDTLS_ASN1_OID;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1160 oid.p = buf->x;
1161 oid.len = buf->len;
Manuel Pégourié-Gonnard7afdb882014-03-28 16:06:35 +0100[diff] [blame]1162
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1163 ret = mbedtls_oid_get_extended_key_usage(&oid, &desc);
Manuel Pégourié-Gonnard7afdb882014-03-28 16:06:35 +0100[diff] [blame]1164
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1165 if (strcmp(ref_desc, "notfound") == 0) {
1166 TEST_ASSERT(ret != 0);
1167 TEST_ASSERT(desc == NULL);
1168 } else {
1169 TEST_ASSERT(ret == 0);
1170 TEST_ASSERT(desc != NULL);
1171 TEST_ASSERT(strcmp(desc, ref_desc) == 0);
Manuel Pégourié-Gonnard7afdb882014-03-28 16:06:35 +0100[diff] [blame]1172 }
1173}
1174/* END_CASE */
1175
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1176/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1177void x509_oid_numstr(data_t *oid_buf, char *numstr, int blen, int ret)
Manuel Pégourié-Gonnard7afdb882014-03-28 16:06:35 +0100[diff] [blame]1178{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1179 mbedtls_x509_buf oid;
Manuel Pégourié-Gonnard7afdb882014-03-28 16:06:35 +0100[diff] [blame]1180 char num_buf[100];
1181
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1182 memset(num_buf, 0x2a, sizeof(num_buf));
Manuel Pégourié-Gonnard7afdb882014-03-28 16:06:35 +0100[diff] [blame]1183
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1184 oid.tag = MBEDTLS_ASN1_OID;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1185 oid.p = oid_buf->x;
1186 oid.len = oid_buf->len;
Manuel Pégourié-Gonnard7afdb882014-03-28 16:06:35 +0100[diff] [blame]1187
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1188 TEST_ASSERT((size_t)blen <= sizeof(num_buf));
Manuel Pégourié-Gonnard7afdb882014-03-28 16:06:35 +0100[diff] [blame]1189
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1190 TEST_ASSERT(mbedtls_oid_get_numeric_string(num_buf, blen, &oid) == ret);
Manuel Pégourié-Gonnard7afdb882014-03-28 16:06:35 +0100[diff] [blame]1191
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1192 if (ret >= 0) {
1193 TEST_ASSERT(num_buf[ret] == 0);
1194 TEST_ASSERT(strcmp(num_buf, numstr) == 0);
Manuel Pégourié-Gonnard7afdb882014-03-28 16:06:35 +0100[diff] [blame]1195 }
1196}
1197/* END_CASE */
1198
TRodziewicz442fdc22021-06-07 13:52:23 +0200[diff] [blame]1199/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1200void x509_check_key_usage(char *crt_file, int usage, int ret)
Manuel Pégourié-Gonnard603116c2014-04-09 09:50:03 +0200[diff] [blame]1201{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1202 mbedtls_x509_crt crt;
Manuel Pégourié-Gonnard603116c2014-04-09 09:50:03 +0200[diff] [blame]1203
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1204 mbedtls_x509_crt_init(&crt);
Manuel Pégourié-Gonnard603116c2014-04-09 09:50:03 +0200[diff] [blame]1205
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1206 TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
Manuel Pégourié-Gonnard603116c2014-04-09 09:50:03 +0200[diff] [blame]1207
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1208 TEST_ASSERT(mbedtls_x509_crt_check_key_usage(&crt, usage) == ret);
Manuel Pégourié-Gonnard603116c2014-04-09 09:50:03 +0200[diff] [blame]1209
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1210exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1211 mbedtls_x509_crt_free(&crt);
Manuel Pégourié-Gonnard603116c2014-04-09 09:50:03 +0200[diff] [blame]1212}
1213/* END_CASE */
1214
TRodziewicz442fdc22021-06-07 13:52:23 +0200[diff] [blame]1215/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1216void x509_check_extended_key_usage(char *crt_file, data_t *oid, int ret)
Manuel Pégourié-Gonnard7afb8a02014-04-10 17:53:56 +0200[diff] [blame]1217{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1218 mbedtls_x509_crt crt;
Manuel Pégourié-Gonnard7afb8a02014-04-10 17:53:56 +0200[diff] [blame]1219
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1220 mbedtls_x509_crt_init(&crt);
Manuel Pégourié-Gonnard7afb8a02014-04-10 17:53:56 +0200[diff] [blame]1221
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1222 TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
Manuel Pégourié-Gonnard7afb8a02014-04-10 17:53:56 +0200[diff] [blame]1223
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1224 TEST_ASSERT(mbedtls_x509_crt_check_extended_key_usage(
1225 &crt, (const char *)oid->x, oid->len) == ret);
Manuel Pégourié-Gonnard7afb8a02014-04-10 17:53:56 +0200[diff] [blame]1226
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1227exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1228 mbedtls_x509_crt_free(&crt);
Manuel Pégourié-Gonnard7afb8a02014-04-10 17:53:56 +0200[diff] [blame]1229}
1230/* END_CASE */
1231
Andres AG4b76aec2016-09-23 13:16:02 +0100[diff] [blame]1232/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1233void x509_get_time(int tag,
1234 char *time_str,
1235 int ret,
1236 int year,
1237 int mon,
1238 int day,
1239 int hour,
1240 int min,
1241 int sec)
Andres AG4b76aec2016-09-23 13:16:02 +0100[diff] [blame]1242{
1243 mbedtls_x509_time time;
Janos Follathea7054a2017-02-08 14:13:02 +0000[diff] [blame]1244 unsigned char buf[21];
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1245 unsigned char *start = buf;
1246 unsigned char *end = buf;
Andres AG4b76aec2016-09-23 13:16:02 +0100[diff] [blame]1247
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1248 memset(&time, 0x00, sizeof(time));
1249 *end = (unsigned char)tag;
Andres AG4b76aec2016-09-23 13:16:02 +0100[diff] [blame]1250 end++;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1251 *end = strlen(time_str);
1252 TEST_ASSERT(*end < 20);
1253 end++;
1254 memcpy(end, time_str, (size_t) * (end - 1));
Andres AG4b76aec2016-09-23 13:16:02 +0100[diff] [blame]1255 end += *(end - 1);
1256
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1257 TEST_ASSERT(mbedtls_x509_get_time(&start, end, &time) == ret);
1258 if (ret == 0) {
1259 TEST_ASSERT(year == time.year);
1260 TEST_ASSERT(mon == time.mon);
1261 TEST_ASSERT(day == time.day);
1262 TEST_ASSERT(hour == time.hour);
1263 TEST_ASSERT(min == time.min);
1264 TEST_ASSERT(sec == time.sec);
Andres AG4b76aec2016-09-23 13:16:02 +0100[diff] [blame]1265 }
1266}
1267/* END_CASE */
1268
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1269/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1270void x509_parse_rsassa_pss_params(data_t *params,
1271 int params_tag,
1272 int ref_msg_md,
1273 int ref_mgf_md,
1274 int ref_salt_len,
1275 int ref_ret)
Manuel Pégourié-Gonnard85403692014-06-06 14:48:38 +0200[diff] [blame]1276{
1277 int my_ret;
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]1278 mbedtls_x509_buf buf;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1279 mbedtls_md_type_t my_msg_md, my_mgf_md;
Manuel Pégourié-Gonnard85403692014-06-06 14:48:38 +0200[diff] [blame]1280 int my_salt_len;
1281
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]1282 buf.p = params->x;
1283 buf.len = params->len;
1284 buf.tag = params_tag;
Manuel Pégourié-Gonnard85403692014-06-06 14:48:38 +0200[diff] [blame]1285
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1286 my_ret = mbedtls_x509_get_rsassa_pss_params(&buf, &my_msg_md, &my_mgf_md,
1287 &my_salt_len);
Manuel Pégourié-Gonnard85403692014-06-06 14:48:38 +0200[diff] [blame]1288
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1289 TEST_ASSERT(my_ret == ref_ret);
Manuel Pégourié-Gonnard85403692014-06-06 14:48:38 +0200[diff] [blame]1290
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1291 if (ref_ret == 0) {
1292 TEST_ASSERT(my_msg_md == (mbedtls_md_type_t)ref_msg_md);
1293 TEST_ASSERT(my_mgf_md == (mbedtls_md_type_t)ref_mgf_md);
1294 TEST_ASSERT(my_salt_len == ref_salt_len);
Manuel Pégourié-Gonnard85403692014-06-06 14:48:38 +0200[diff] [blame]1295 }
1296
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1297exit:;
1298 ;
Manuel Pégourié-Gonnard85403692014-06-06 14:48:38 +0200[diff] [blame]1299}
1300/* END_CASE */