Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 1 | /* BEGIN_HEADER */ |
Mohammad Azim Khan | cf32c45 | 2017-06-13 14:55:58 +0100 | [diff] [blame] | 2 | #include "mbedtls/bignum.h" |
Manuel Pégourié-Gonnard | 7f80997 | 2015-03-09 17:05:11 +0000 | [diff] [blame] | 3 | #include "mbedtls/x509_crt.h" |
| 4 | #include "mbedtls/x509_csr.h" |
| 5 | #include "mbedtls/pem.h" |
| 6 | #include "mbedtls/oid.h" |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 7 | #include "mbedtls/rsa.h" |
Manuel Pégourié-Gonnard | feb0396 | 2020-08-20 09:59:33 +0200 | [diff] [blame] | 8 | |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 9 | #if defined(MBEDTLS_RSA_C) |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 10 | int mbedtls_rsa_decrypt_func(void *ctx, |
| 11 | size_t *olen, |
| 12 | const unsigned char *input, |
| 13 | unsigned char *output, |
| 14 | size_t output_max_len) |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 15 | { |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 16 | return (mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *)ctx, NULL, NULL, |
| 17 | olen, input, output, output_max_len)); |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 18 | } |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 19 | int mbedtls_rsa_sign_func(void *ctx, |
| 20 | int (*f_rng)(void *, unsigned char *, size_t), |
| 21 | void *p_rng, |
| 22 | mbedtls_md_type_t md_alg, |
| 23 | unsigned int hashlen, |
| 24 | const unsigned char *hash, |
| 25 | unsigned char *sig) |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 26 | { |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 27 | return (mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *)ctx, f_rng, p_rng, |
| 28 | md_alg, hashlen, hash, sig)); |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 29 | } |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 30 | size_t mbedtls_rsa_key_len_func(void *ctx) |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 31 | { |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 32 | return ((const mbedtls_rsa_context *)ctx)->len; |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 33 | } |
| 34 | #endif /* MBEDTLS_RSA_C */ |
| 35 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 36 | #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PEM_WRITE_C) && \ |
| 37 | defined(MBEDTLS_X509_CSR_WRITE_C) |
| 38 | static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 39 | { |
| 40 | unsigned char hash[MBEDTLS_MD_MAX_SIZE]; |
| 41 | const mbedtls_md_info_t *md_info; |
| 42 | mbedtls_x509_csr csr; |
Hanno Becker | bf2dacb | 2019-06-03 16:28:24 +0100 | [diff] [blame] | 43 | int ret = 0; |
| 44 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 45 | mbedtls_x509_csr_init(&csr); |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 46 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 47 | if (mbedtls_x509_csr_parse(&csr, buf, buflen) != 0) { |
Hanno Becker | bf2dacb | 2019-06-03 16:28:24 +0100 | [diff] [blame] | 48 | ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
| 49 | goto cleanup; |
| 50 | } |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 51 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 52 | md_info = mbedtls_md_info_from_type(csr.sig_md); |
| 53 | if (mbedtls_md(md_info, csr.cri.p, csr.cri.len, hash) != 0) { |
Andrzej Kurek | 4b11407 | 2018-11-19 18:04:01 -0500 | [diff] [blame] | 54 | /* Note: this can't happen except after an internal error */ |
Hanno Becker | bf2dacb | 2019-06-03 16:28:24 +0100 | [diff] [blame] | 55 | ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
| 56 | goto cleanup; |
Andrzej Kurek | 4b11407 | 2018-11-19 18:04:01 -0500 | [diff] [blame] | 57 | } |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 58 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 59 | if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk, csr.sig_md, |
| 60 | hash, mbedtls_md_get_size(md_info), csr.sig.p, |
| 61 | csr.sig.len) != 0) { |
Hanno Becker | bf2dacb | 2019-06-03 16:28:24 +0100 | [diff] [blame] | 62 | ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; |
| 63 | goto cleanup; |
Andrzej Kurek | 4b11407 | 2018-11-19 18:04:01 -0500 | [diff] [blame] | 64 | } |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 65 | |
Hanno Becker | bf2dacb | 2019-06-03 16:28:24 +0100 | [diff] [blame] | 66 | cleanup: |
| 67 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 68 | mbedtls_x509_csr_free(&csr); |
| 69 | return ret; |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 70 | } |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 71 | #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && \ |
| 72 | MBEDTLS_X509_CSR_WRITE_C */ |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 73 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 74 | /* END_HEADER */ |
Paul Bakker | 6d62050 | 2012-02-16 14:09:13 +0000 | [diff] [blame] | 75 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 76 | /* BEGIN_DEPENDENCIES |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 77 | * depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 78 | * END_DEPENDENCIES |
| 79 | */ |
Paul Bakker | 6d62050 | 2012-02-16 14:09:13 +0000 | [diff] [blame] | 80 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 81 | /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */ |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 82 | void x509_csr_check(char *key_file, |
| 83 | char *cert_req_check_file, |
| 84 | int md_type, |
| 85 | int key_usage, |
| 86 | int set_key_usage, |
| 87 | int cert_type, |
| 88 | int set_cert_type) |
Paul Bakker | 6d62050 | 2012-02-16 14:09:13 +0000 | [diff] [blame] | 89 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 90 | mbedtls_pk_context key; |
| 91 | mbedtls_x509write_csr req; |
Andres AG | e0af995 | 2016-09-07 11:09:44 +0100 | [diff] [blame] | 92 | unsigned char buf[4096]; |
Paul Bakker | 6d62050 | 2012-02-16 14:09:13 +0000 | [diff] [blame] | 93 | unsigned char check_buf[4000]; |
| 94 | int ret; |
Paul Elliott | 557b8d6 | 2020-11-19 09:46:56 +0000 | [diff] [blame] | 95 | size_t olen = 0, pem_len = 0, buf_index; |
Andres AG | e0af995 | 2016-09-07 11:09:44 +0100 | [diff] [blame] | 96 | int der_len = -1; |
Paul Bakker | 6d62050 | 2012-02-16 14:09:13 +0000 | [diff] [blame] | 97 | FILE *f; |
Paul Bakker | 3a8cb6f | 2013-12-30 20:41:54 +0100 | [diff] [blame] | 98 | const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; |
Ronald Cron | 351f0ee | 2020-06-10 12:12:18 +0200 | [diff] [blame] | 99 | mbedtls_test_rnd_pseudo_info rnd_info; |
Paul Bakker | 6d62050 | 2012-02-16 14:09:13 +0000 | [diff] [blame] | 100 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 101 | memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); |
Manuel Pégourié-Gonnard | ee73179 | 2013-09-11 22:48:40 +0200 | [diff] [blame] | 102 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 103 | mbedtls_pk_init(&key); |
| 104 | TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, |
| 105 | mbedtls_test_rnd_std_rand, NULL) == 0); |
Paul Bakker | 6d62050 | 2012-02-16 14:09:13 +0000 | [diff] [blame] | 106 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 107 | mbedtls_x509write_csr_init(&req); |
| 108 | mbedtls_x509write_csr_set_md_alg(&req, md_type); |
| 109 | mbedtls_x509write_csr_set_key(&req, &key); |
| 110 | TEST_ASSERT(mbedtls_x509write_csr_set_subject_name(&req, subject_name) == |
| 111 | 0); |
| 112 | if (set_key_usage != 0) |
| 113 | TEST_ASSERT(mbedtls_x509write_csr_set_key_usage(&req, key_usage) == 0); |
| 114 | if (set_cert_type != 0) |
| 115 | TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == |
| 116 | 0); |
Paul Bakker | 8eabfc1 | 2013-08-25 10:18:25 +0200 | [diff] [blame] | 117 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 118 | ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf), |
| 119 | mbedtls_test_rnd_pseudo_rand, &rnd_info); |
| 120 | TEST_ASSERT(ret == 0); |
Paul Bakker | 6d62050 | 2012-02-16 14:09:13 +0000 | [diff] [blame] | 121 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 122 | pem_len = strlen((char *)buf); |
Paul Bakker | 6d62050 | 2012-02-16 14:09:13 +0000 | [diff] [blame] | 123 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 124 | for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) { |
| 125 | TEST_ASSERT(buf[buf_index] == 0); |
Paul Elliott | 557b8d6 | 2020-11-19 09:46:56 +0000 | [diff] [blame] | 126 | } |
| 127 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 128 | f = fopen(cert_req_check_file, "r"); |
| 129 | TEST_ASSERT(f != NULL); |
| 130 | olen = fread(check_buf, 1, sizeof(check_buf), f); |
| 131 | fclose(f); |
Paul Bakker | 6d62050 | 2012-02-16 14:09:13 +0000 | [diff] [blame] | 132 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 133 | TEST_ASSERT(olen >= pem_len - 1); |
| 134 | TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); |
Paul Bakker | 58ef6ec | 2013-01-03 11:33:48 +0100 | [diff] [blame] | 135 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 136 | der_len = mbedtls_x509write_csr_der( |
| 137 | &req, buf, sizeof(buf), mbedtls_test_rnd_pseudo_rand, &rnd_info); |
| 138 | TEST_ASSERT(der_len >= 0); |
Andres AG | e0af995 | 2016-09-07 11:09:44 +0100 | [diff] [blame] | 139 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 140 | if (der_len == 0) |
Andres AG | e0af995 | 2016-09-07 11:09:44 +0100 | [diff] [blame] | 141 | goto exit; |
| 142 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 143 | ret = mbedtls_x509write_csr_der(&req, buf, (size_t)(der_len - 1), |
| 144 | mbedtls_test_rnd_pseudo_rand, &rnd_info); |
| 145 | TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); |
Andres AG | e0af995 | 2016-09-07 11:09:44 +0100 | [diff] [blame] | 146 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 147 | exit: |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 148 | mbedtls_x509write_csr_free(&req); |
| 149 | mbedtls_pk_free(&key); |
Paul Bakker | 6d62050 | 2012-02-16 14:09:13 +0000 | [diff] [blame] | 150 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 151 | /* END_CASE */ |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 152 | |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 153 | /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */ |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 154 | void x509_csr_check_opaque(char *key_file, |
| 155 | int md_type, |
| 156 | int key_usage, |
| 157 | int cert_type) |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 158 | { |
| 159 | mbedtls_pk_context key; |
Ronald Cron | 5425a21 | 2020-08-04 14:58:35 +0200 | [diff] [blame] | 160 | mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 161 | psa_algorithm_t md_alg_psa; |
| 162 | mbedtls_x509write_csr req; |
| 163 | unsigned char buf[4096]; |
| 164 | int ret; |
| 165 | size_t pem_len = 0; |
| 166 | const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; |
Ronald Cron | 351f0ee | 2020-06-10 12:12:18 +0200 | [diff] [blame] | 167 | mbedtls_test_rnd_pseudo_info rnd_info; |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 168 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 169 | PSA_INIT(); |
| 170 | memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 171 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 172 | md_alg_psa = mbedtls_psa_translate_md((mbedtls_md_type_t)md_type); |
| 173 | TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE); |
Andrzej Kurek | 967cfd1 | 2018-11-20 02:53:17 -0500 | [diff] [blame] | 174 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 175 | mbedtls_pk_init(&key); |
| 176 | TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, |
| 177 | mbedtls_test_rnd_std_rand, NULL) == 0); |
| 178 | TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&key, &key_id, md_alg_psa) == 0); |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 179 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 180 | mbedtls_x509write_csr_init(&req); |
| 181 | mbedtls_x509write_csr_set_md_alg(&req, md_type); |
| 182 | mbedtls_x509write_csr_set_key(&req, &key); |
| 183 | TEST_ASSERT(mbedtls_x509write_csr_set_subject_name(&req, subject_name) == |
| 184 | 0); |
| 185 | if (key_usage != 0) |
| 186 | TEST_ASSERT(mbedtls_x509write_csr_set_key_usage(&req, key_usage) == 0); |
| 187 | if (cert_type != 0) |
| 188 | TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == |
| 189 | 0); |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 190 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 191 | ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1, |
| 192 | mbedtls_test_rnd_pseudo_rand, &rnd_info); |
Ronald Cron | 6c5bd7f | 2020-06-10 14:08:26 +0200 | [diff] [blame] | 193 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 194 | TEST_ASSERT(ret == 0); |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 195 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 196 | pem_len = strlen((char *)buf); |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 197 | buf[pem_len] = '\0'; |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 198 | TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0); |
Manuel Pégourié-Gonnard | feb0396 | 2020-08-20 09:59:33 +0200 | [diff] [blame] | 199 | |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 200 | exit: |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 201 | mbedtls_x509write_csr_free(&req); |
| 202 | mbedtls_pk_free(&key); |
| 203 | psa_destroy_key(key_id); |
| 204 | PSA_DONE(); |
Andrzej Kurek | 5f7bad3 | 2018-11-19 10:12:37 -0500 | [diff] [blame] | 205 | } |
| 206 | /* END_CASE */ |
| 207 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 208 | /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_SHA1_C */ |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 209 | void x509_crt_check(char *subject_key_file, |
| 210 | char *subject_pwd, |
| 211 | char *subject_name, |
| 212 | char *issuer_key_file, |
| 213 | char *issuer_pwd, |
| 214 | char *issuer_name, |
| 215 | char *serial_str, |
| 216 | char *not_before, |
| 217 | char *not_after, |
| 218 | int md_type, |
| 219 | int key_usage, |
| 220 | int set_key_usage, |
| 221 | int cert_type, |
| 222 | int set_cert_type, |
| 223 | int auth_ident, |
| 224 | int ver, |
| 225 | char *cert_check_file, |
| 226 | int rsa_alt, |
| 227 | int is_ca) |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 228 | { |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 229 | mbedtls_pk_context subject_key, issuer_key, issuer_key_alt; |
| 230 | mbedtls_pk_context *key = &issuer_key; |
| 231 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 232 | mbedtls_x509write_cert crt; |
Andres AG | e0af995 | 2016-09-07 11:09:44 +0100 | [diff] [blame] | 233 | unsigned char buf[4096]; |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 234 | unsigned char check_buf[5000]; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 235 | mbedtls_mpi serial; |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 236 | int ret; |
Paul Elliott | 557b8d6 | 2020-11-19 09:46:56 +0000 | [diff] [blame] | 237 | size_t olen = 0, pem_len = 0, buf_index = 0; |
Andres AG | e0af995 | 2016-09-07 11:09:44 +0100 | [diff] [blame] | 238 | int der_len = -1; |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 239 | FILE *f; |
Ronald Cron | 351f0ee | 2020-06-10 12:12:18 +0200 | [diff] [blame] | 240 | mbedtls_test_rnd_pseudo_info rnd_info; |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 241 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 242 | memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); |
| 243 | mbedtls_mpi_init(&serial); |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 244 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 245 | mbedtls_pk_init(&subject_key); |
| 246 | mbedtls_pk_init(&issuer_key); |
| 247 | mbedtls_pk_init(&issuer_key_alt); |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 248 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 249 | mbedtls_x509write_crt_init(&crt); |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 250 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 251 | TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file, |
| 252 | subject_pwd, mbedtls_test_rnd_std_rand, |
| 253 | NULL) == 0); |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 254 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 255 | TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file, |
| 256 | issuer_pwd, mbedtls_test_rnd_std_rand, |
| 257 | NULL) == 0); |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 258 | |
Manuel Pégourié-Gonnard | 147b28e | 2018-03-12 15:26:59 +0100 | [diff] [blame] | 259 | #if defined(MBEDTLS_RSA_C) |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 260 | /* For RSA PK contexts, create a copy as an alternative RSA context. */ |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 261 | if (rsa_alt == 1 && mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_RSA) { |
| 262 | TEST_ASSERT(mbedtls_pk_setup_rsa_alt( |
| 263 | &issuer_key_alt, mbedtls_pk_rsa(issuer_key), |
| 264 | mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, |
| 265 | mbedtls_rsa_key_len_func) == 0); |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 266 | |
| 267 | key = &issuer_key_alt; |
| 268 | } |
Manuel Pégourié-Gonnard | 147b28e | 2018-03-12 15:26:59 +0100 | [diff] [blame] | 269 | #else |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 270 | (void)rsa_alt; |
Manuel Pégourié-Gonnard | 147b28e | 2018-03-12 15:26:59 +0100 | [diff] [blame] | 271 | #endif |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 272 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 273 | TEST_ASSERT(mbedtls_test_read_mpi(&serial, 10, serial_str) == 0); |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 274 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 275 | if (ver != -1) |
| 276 | mbedtls_x509write_crt_set_version(&crt, ver); |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 277 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 278 | TEST_ASSERT(mbedtls_x509write_crt_set_serial(&crt, &serial) == 0); |
| 279 | TEST_ASSERT( |
| 280 | mbedtls_x509write_crt_set_validity(&crt, not_before, not_after) == 0); |
| 281 | mbedtls_x509write_crt_set_md_alg(&crt, md_type); |
| 282 | TEST_ASSERT(mbedtls_x509write_crt_set_issuer_name(&crt, issuer_name) == 0); |
| 283 | TEST_ASSERT(mbedtls_x509write_crt_set_subject_name(&crt, subject_name) == |
| 284 | 0); |
| 285 | mbedtls_x509write_crt_set_subject_key(&crt, &subject_key); |
Hanno Becker | 418a622 | 2017-09-14 07:51:28 +0100 | [diff] [blame] | 286 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 287 | mbedtls_x509write_crt_set_issuer_key(&crt, key); |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 288 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 289 | if (crt.version >= MBEDTLS_X509_CRT_VERSION_3) { |
Darren Krahn | 9c134ce | 2021-01-13 22:04:45 -0800 | [diff] [blame] | 290 | /* For the CA case, a path length of -1 means unlimited. */ |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 291 | TEST_ASSERT(mbedtls_x509write_crt_set_basic_constraints( |
| 292 | &crt, is_ca, (is_ca ? -1 : 0)) == 0); |
| 293 | TEST_ASSERT(mbedtls_x509write_crt_set_subject_key_identifier(&crt) == |
| 294 | 0); |
| 295 | if (auth_ident) |
| 296 | TEST_ASSERT( |
| 297 | mbedtls_x509write_crt_set_authority_key_identifier(&crt) == 0); |
| 298 | if (set_key_usage != 0) |
| 299 | TEST_ASSERT(mbedtls_x509write_crt_set_key_usage(&crt, key_usage) == |
| 300 | 0); |
| 301 | if (set_cert_type != 0) |
| 302 | TEST_ASSERT( |
| 303 | mbedtls_x509write_crt_set_ns_cert_type(&crt, cert_type) == 0); |
Manuel Pégourié-Gonnard | 6c1a73e | 2014-03-28 14:03:22 +0100 | [diff] [blame] | 304 | } |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 305 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 306 | ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf), |
| 307 | mbedtls_test_rnd_pseudo_rand, &rnd_info); |
| 308 | TEST_ASSERT(ret == 0); |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 309 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 310 | pem_len = strlen((char *)buf); |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 311 | |
Paul Elliott | 557b8d6 | 2020-11-19 09:46:56 +0000 | [diff] [blame] | 312 | // check that the rest of the buffer remains clear |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 313 | for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) { |
| 314 | TEST_ASSERT(buf[buf_index] == 0); |
Paul Elliott | 557b8d6 | 2020-11-19 09:46:56 +0000 | [diff] [blame] | 315 | } |
| 316 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 317 | f = fopen(cert_check_file, "r"); |
| 318 | TEST_ASSERT(f != NULL); |
| 319 | olen = fread(check_buf, 1, sizeof(check_buf), f); |
| 320 | fclose(f); |
| 321 | TEST_ASSERT(olen < sizeof(check_buf)); |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 322 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 323 | TEST_ASSERT(olen >= pem_len - 1); |
| 324 | TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 325 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 326 | der_len = mbedtls_x509write_crt_der( |
| 327 | &crt, buf, sizeof(buf), mbedtls_test_rnd_pseudo_rand, &rnd_info); |
| 328 | TEST_ASSERT(der_len >= 0); |
Andres AG | e0af995 | 2016-09-07 11:09:44 +0100 | [diff] [blame] | 329 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 330 | if (der_len == 0) |
Andres AG | e0af995 | 2016-09-07 11:09:44 +0100 | [diff] [blame] | 331 | goto exit; |
| 332 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 333 | ret = mbedtls_x509write_crt_der(&crt, buf, (size_t)(der_len - 1), |
| 334 | mbedtls_test_rnd_pseudo_rand, &rnd_info); |
| 335 | TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); |
Andres AG | e0af995 | 2016-09-07 11:09:44 +0100 | [diff] [blame] | 336 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 337 | exit: |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 338 | mbedtls_x509write_crt_free(&crt); |
| 339 | mbedtls_pk_free(&issuer_key_alt); |
| 340 | mbedtls_pk_free(&subject_key); |
| 341 | mbedtls_pk_free(&issuer_key); |
| 342 | mbedtls_mpi_free(&serial); |
Paul Bakker | 2397cf3 | 2013-09-08 15:58:15 +0200 | [diff] [blame] | 343 | } |
| 344 | /* END_CASE */ |
Paul Bakker | 8dcb2d7 | 2014-08-08 12:22:30 +0200 | [diff] [blame] | 345 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 346 | /* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */ |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 347 | void mbedtls_x509_string_to_names(char *name, char *parsed_name, int result) |
Paul Bakker | 8dcb2d7 | 2014-08-08 12:22:30 +0200 | [diff] [blame] | 348 | { |
| 349 | int ret; |
| 350 | size_t len = 0; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 351 | mbedtls_asn1_named_data *names = NULL; |
| 352 | mbedtls_x509_name parsed, *parsed_cur, *parsed_prv; |
Manuel Pégourié-Gonnard | 4fd0b25 | 2015-06-26 14:15:48 +0200 | [diff] [blame] | 353 | unsigned char buf[1024], out[1024], *c; |
Paul Bakker | 8dcb2d7 | 2014-08-08 12:22:30 +0200 | [diff] [blame] | 354 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 355 | memset(&parsed, 0, sizeof(parsed)); |
| 356 | memset(out, 0, sizeof(out)); |
| 357 | memset(buf, 0, sizeof(buf)); |
| 358 | c = buf + sizeof(buf); |
Paul Bakker | 8dcb2d7 | 2014-08-08 12:22:30 +0200 | [diff] [blame] | 359 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 360 | ret = mbedtls_x509_string_to_names(&names, name); |
| 361 | TEST_ASSERT(ret == result); |
Paul Bakker | 8dcb2d7 | 2014-08-08 12:22:30 +0200 | [diff] [blame] | 362 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 363 | if (ret != 0) |
Paul Bakker | 8dcb2d7 | 2014-08-08 12:22:30 +0200 | [diff] [blame] | 364 | goto exit; |
| 365 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 366 | ret = mbedtls_x509_write_names(&c, buf, names); |
| 367 | TEST_ASSERT(ret > 0); |
Paul Bakker | 8dcb2d7 | 2014-08-08 12:22:30 +0200 | [diff] [blame] | 368 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 369 | TEST_ASSERT(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len, |
| 370 | MBEDTLS_ASN1_CONSTRUCTED | |
| 371 | MBEDTLS_ASN1_SEQUENCE) == 0); |
| 372 | TEST_ASSERT(mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed) == 0); |
Paul Bakker | 8dcb2d7 | 2014-08-08 12:22:30 +0200 | [diff] [blame] | 373 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 374 | ret = mbedtls_x509_dn_gets((char *)out, sizeof(out), &parsed); |
| 375 | TEST_ASSERT(ret > 0); |
Paul Bakker | 8dcb2d7 | 2014-08-08 12:22:30 +0200 | [diff] [blame] | 376 | |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 377 | TEST_ASSERT(strcmp((char *)out, parsed_name) == 0); |
Paul Bakker | 8dcb2d7 | 2014-08-08 12:22:30 +0200 | [diff] [blame] | 378 | |
| 379 | exit: |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 380 | mbedtls_asn1_free_named_data_list(&names); |
Paul Bakker | 8dcb2d7 | 2014-08-08 12:22:30 +0200 | [diff] [blame] | 381 | |
| 382 | parsed_cur = parsed.next; |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 383 | while (parsed_cur != 0) { |
Paul Bakker | 8dcb2d7 | 2014-08-08 12:22:30 +0200 | [diff] [blame] | 384 | parsed_prv = parsed_cur; |
| 385 | parsed_cur = parsed_cur->next; |
Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 386 | mbedtls_free(parsed_prv); |
Paul Bakker | 8dcb2d7 | 2014-08-08 12:22:30 +0200 | [diff] [blame] | 387 | } |
| 388 | } |
| 389 | /* END_CASE */ |