Paul Bakker33b43f12013-08-20 11:48:36 +02001/* BEGIN_HEADER */
Mohammad Azim Khancf32c452017-06-13 14:55:58 +01002#include "mbedtls/bignum.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +00003#include "mbedtls/x509_crt.h"
4#include "mbedtls/x509_csr.h"
5#include "mbedtls/pem.h"
6#include "mbedtls/oid.h"
Hanno Becker418a6222017-09-14 07:51:28 +01007#include "mbedtls/rsa.h"
Manuel Pégourié-Gonnardfeb03962020-08-20 09:59:33 +02008
Hanno Becker418a6222017-09-14 07:51:28 +01009#if defined(MBEDTLS_RSA_C)
/*
 * Decryption callback with the shape handed to mbedtls_pk_setup_rsa_alt() in
 * x509_crt_check(). It forwards to mbedtls_rsa_pkcs1_decrypt() on the RSA
 * context passed through the opaque ctx pointer.
 *
 * NOTE(review): both RNG arguments are NULL, so no randomness is available to
 * the private-key operation (for example for blinding). Whether the library
 * accepts that depends on the Mbed TLS version -- confirm. This wrapper is
 * test scaffolding and should not be copied into production callbacks.
 */
int mbedtls_rsa_decrypt_func(void *ctx,
                             size_t *olen,
                             const unsigned char *input,
                             unsigned char *output,
                             size_t output_max_len)
{
    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *)ctx;

    return mbedtls_rsa_pkcs1_decrypt(rsa, NULL, NULL, olen, input, output,
                                     output_max_len);
}
/*
 * Signing callback with the shape handed to mbedtls_pk_setup_rsa_alt() in
 * x509_crt_check(). The caller's RNG (f_rng / p_rng), digest type, hash and
 * output buffer are passed unchanged to mbedtls_rsa_pkcs1_sign() on the RSA
 * context behind ctx.
 *
 * No size accompanies sig; the buffer is presumably expected to hold a
 * signature as long as the RSA modulus -- verify against the caller.
 */
int mbedtls_rsa_sign_func(void *ctx,
                          int (*f_rng)(void *, unsigned char *, size_t),
                          void *p_rng,
                          mbedtls_md_type_t md_alg,
                          unsigned int hashlen,
                          const unsigned char *hash,
                          unsigned char *sig)
{
    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *)ctx;

    return mbedtls_rsa_pkcs1_sign(rsa, f_rng, p_rng, md_alg, hashlen, hash,
                                  sig);
}
/*
 * Key-length callback with the shape handed to mbedtls_pk_setup_rsa_alt():
 * returns the len field of the RSA context behind ctx.
 */
size_t mbedtls_rsa_key_len_func(void *ctx)
{
    const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *)ctx;

    return rsa->len;
}
34#endif /* MBEDTLS_RSA_C */
35
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +020036#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PEM_WRITE_C) && \
37 defined(MBEDTLS_X509_CSR_WRITE_C)
/*
 * Parse a CSR and verify its self-signature.
 *
 * The certification request info (csr.cri) is hashed with the digest named in
 * the CSR, and the signature is checked against the public key carried in the
 * same CSR. This shows the request was signed by the holder of that key; it
 * says nothing about who the requester is.
 *
 * Returns 0 on success, MBEDTLS_ERR_X509_BAD_INPUT_DATA when parsing or
 * hashing fails, and MBEDTLS_ERR_X509_CERT_VERIFY_FAILED when the signature
 * does not verify.
 */
static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen)
{
    unsigned char digest[MBEDTLS_MD_MAX_SIZE];
    const mbedtls_md_info_t *md;
    mbedtls_x509_csr csr;
    int status = MBEDTLS_ERR_X509_BAD_INPUT_DATA;

    mbedtls_x509_csr_init(&csr);

    if (mbedtls_x509_csr_parse(&csr, buf, buflen) == 0) {
        md = mbedtls_md_info_from_type(csr.sig_md);

        /* A hashing failure here can only follow an internal error. */
        if (mbedtls_md(md, csr.cri.p, csr.cri.len, digest) == 0) {
            if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk,
                                      csr.sig_md, digest,
                                      mbedtls_md_get_size(md), csr.sig.p,
                                      csr.sig.len) != 0) {
                status = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
            } else {
                status = 0;
            }
        }
    }

    /* Single release point for every outcome above. */
    mbedtls_x509_csr_free(&csr);
    return status;
}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +020071#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && \
72 MBEDTLS_X509_CSR_WRITE_C */
Andrzej Kurek5f7bad32018-11-19 10:12:37 -050073
Paul Bakker33b43f12013-08-20 11:48:36 +020074/* END_HEADER */
Paul Bakker6d620502012-02-16 14:09:13 +000075
Paul Bakker33b43f12013-08-20 11:48:36 +020076/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020077 * depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C
Paul Bakker33b43f12013-08-20 11:48:36 +020078 * END_DEPENDENCIES
79 */
Paul Bakker6d620502012-02-16 14:09:13 +000080
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020081/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */
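void x509_csr_check(char *key_file,
                    char *cert_req_check_file,
                    int md_type,
                    int key_usage,
                    int set_key_usage,
                    int cert_type,
                    int set_cert_type)
{
    /*
     * Write a CSR for the key in key_file, compare its PEM encoding with the
     * reference in cert_req_check_file, then check that the DER writer
     * rejects a buffer one byte shorter than the encoding it just produced.
     *
     * md_type selects the signature digest. key_usage and cert_type are
     * applied only when the matching set_* flag is non-zero.
     */
    mbedtls_pk_context key;
    mbedtls_x509write_csr req;
    unsigned char buf[4096];
    unsigned char check_buf[4000];
    int ret;
    size_t olen = 0, pem_len = 0, buf_index;
    int der_len = -1;
    FILE *f;
    const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
    mbedtls_test_rnd_pseudo_info rnd_info;

    /*
     * Put both contexts into a defined state before the first TEST_ASSERT.
     * The cleanup under exit: frees req and key unconditionally, and a failed
     * assertion is expected to jump there (TEST_ASSERT is defined outside
     * this file), so req must not still be uninitialised stack memory when
     * the key file fails to parse.
     */
    mbedtls_pk_init(&key);
    mbedtls_x509write_csr_init(&req);

    /*
     * Fixed fill pattern for the test RNG state, presumably so the signature
     * is reproducible and the output can be compared byte for byte with the
     * reference file. Test-only: never a substitute for a real RNG.
     */
    memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));

    TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
                                         mbedtls_test_rnd_std_rand, NULL) == 0);

    mbedtls_x509write_csr_set_md_alg(&req, md_type);
    mbedtls_x509write_csr_set_key(&req, &key);
    TEST_ASSERT(mbedtls_x509write_csr_set_subject_name(&req, subject_name) ==
                0);
    if (set_key_usage != 0) {
        TEST_ASSERT(mbedtls_x509write_csr_set_key_usage(&req, key_usage) == 0);
    }
    if (set_cert_type != 0) {
        TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) ==
                    0);
    }

    ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf),
                                    mbedtls_test_rnd_pseudo_rand, &rnd_info);
    TEST_ASSERT(ret == 0);

    pem_len = strlen((char *)buf);

    /*
     * buf is not cleared by this test, so the loop passes only if the writer
     * itself left every byte after the PEM text at zero, i.e. no stale or
     * intermediate data remains in the caller's buffer.
     */
    for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
        TEST_ASSERT(buf[buf_index] == 0);
    }

    f = fopen(cert_req_check_file, "r");
    TEST_ASSERT(f != NULL);
    olen = fread(check_buf, 1, sizeof(check_buf), f);
    fclose(f);

    /*
     * The length guard keeps memcmp() inside the bytes fread() actually
     * filled. Only pem_len - 1 bytes are compared, so the final character of
     * the generated PEM is not checked.
     */
    TEST_ASSERT(olen >= pem_len - 1);
    TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);

    der_len = mbedtls_x509write_csr_der(
        &req, buf, sizeof(buf), mbedtls_test_rnd_pseudo_rand, &rnd_info);
    TEST_ASSERT(der_len >= 0);

    if (der_len == 0) {
        goto exit;
    }

    /* One byte short of the real encoding must be rejected, not truncated. */
    ret = mbedtls_x509write_csr_der(&req, buf, (size_t)(der_len - 1),
                                    mbedtls_test_rnd_pseudo_rand, &rnd_info);
    TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);

exit:
    mbedtls_x509write_csr_free(&req);
    mbedtls_pk_free(&key);
}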
Paul Bakker33b43f12013-08-20 11:48:36 +0200151/* END_CASE */
Paul Bakker2397cf32013-09-08 15:58:15 +0200152
Andrzej Kurek5f7bad32018-11-19 10:12:37 -0500153/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */
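void x509_csr_check_opaque(char *key_file,
                           int md_type,
                           int key_usage,
                           int cert_type)
{
    /*
     * Write a CSR with a key that has been wrapped as an opaque PSA key, then
     * parse the PEM output again and verify its self-signature with
     * x509_crt_verifycsr().
     *
     * key_usage and cert_type are applied only when non-zero.
     */
    mbedtls_pk_context key;
    mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
    psa_algorithm_t md_alg_psa;
    mbedtls_x509write_csr req;
    unsigned char buf[4096];
    int ret;
    size_t pem_len = 0;
    const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
    mbedtls_test_rnd_pseudo_info rnd_info;

    /*
     * Initialise both contexts before anything that can fail. The cleanup
     * under exit: frees key and req unconditionally; the digest check below
     * (and possibly PSA_INIT, which is defined outside this file) can bail
     * out early and would otherwise hand uninitialised stack memory to the
     * free functions.
     */
    mbedtls_pk_init(&key);
    mbedtls_x509write_csr_init(&req);

    PSA_INIT();

    /* Fixed fill pattern for the test RNG state; test-only. */
    memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));

    /*
     * NOTE(review): md_alg_psa is a psa_algorithm_t but is compared with
     * MBEDTLS_MD_NONE from the legacy digest enum -- confirm that this is the
     * intended "no algorithm" sentinel.
     */
    md_alg_psa = mbedtls_psa_translate_md((mbedtls_md_type_t)md_type);
    TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE);

    TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
                                         mbedtls_test_rnd_std_rand, NULL) == 0);
    TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&key, &key_id, md_alg_psa) == 0);

    mbedtls_x509write_csr_set_md_alg(&req, md_type);
    mbedtls_x509write_csr_set_key(&req, &key);
    TEST_ASSERT(mbedtls_x509write_csr_set_subject_name(&req, subject_name) ==
                0);
    if (key_usage != 0) {
        TEST_ASSERT(mbedtls_x509write_csr_set_key_usage(&req, key_usage) == 0);
    }
    if (cert_type != 0) {
        TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) ==
                    0);
    }

    ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1,
                                    mbedtls_test_rnd_pseudo_rand, &rnd_info);

    TEST_ASSERT(ret == 0);

    /*
     * strlen() already stops at the terminator, so no extra store is needed.
     * pem_len + 1 passes that terminator to the parser along with the text.
     */
    pem_len = strlen((char *)buf);
    TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0);

exit:
    mbedtls_x509write_csr_free(&req);
    mbedtls_pk_free(&key);
    /* key_id still holds MBEDTLS_SVC_KEY_ID_INIT if wrapping never ran. */
    psa_destroy_key(key_id);
    PSA_DONE();
}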
206/* END_CASE */
207
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200208/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_SHA1_C */
void x509_crt_check(char *subject_key_file,
                    char *subject_pwd,
                    char *subject_name,
                    char *issuer_key_file,
                    char *issuer_pwd,
                    char *issuer_name,
                    char *serial_str,
                    char *not_before,
                    char *not_after,
                    int md_type,
                    int key_usage,
                    int set_key_usage,
                    int cert_type,
                    int set_cert_type,
                    int auth_ident,
                    int ver,
                    char *cert_check_file,
                    int rsa_alt,
                    int is_ca)
{
    /*
     * Write a certificate for the subject key, signed with the issuer key,
     * and compare its PEM encoding with cert_check_file. Afterwards the DER
     * writer must reject a buffer one byte shorter than the encoding it just
     * produced.
     *
     * ver == -1 keeps the writer's default version. The extensions
     * (basic constraints, key identifiers, key usage, NS cert type) are only
     * set for version 3 or later. rsa_alt == 1 signs through the RSA-alt
     * callbacks when the issuer key is RSA.
     */
    mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
    mbedtls_pk_context *signing_key = &issuer_key;

    mbedtls_x509write_cert crt;
    unsigned char buf[4096];
    unsigned char ref_buf[5000];
    mbedtls_mpi serial;
    int ret;
    size_t ref_len = 0, pem_len = 0, i = 0;
    int der_len = -1;
    FILE *ref_file;
    mbedtls_test_rnd_pseudo_info rnd_info;

    /* Fixed fill pattern for the test RNG state; test-only. */
    memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
    mbedtls_mpi_init(&serial);

    /* Everything released under exit: is initialised before any assertion. */
    mbedtls_pk_init(&subject_key);
    mbedtls_pk_init(&issuer_key);
    mbedtls_pk_init(&issuer_key_alt);

    mbedtls_x509write_crt_init(&crt);

    TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file,
                                         subject_pwd, mbedtls_test_rnd_std_rand,
                                         NULL) == 0);

    TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file,
                                         issuer_pwd, mbedtls_test_rnd_std_rand,
                                         NULL) == 0);

#if defined(MBEDTLS_RSA_C)
    /*
     * For RSA PK contexts, set up an alternative RSA context. It is built
     * over the RSA context held by issuer_key.
     */
    if (rsa_alt == 1 && mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_RSA) {
        TEST_ASSERT(mbedtls_pk_setup_rsa_alt(
                        &issuer_key_alt, mbedtls_pk_rsa(issuer_key),
                        mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func,
                        mbedtls_rsa_key_len_func) == 0);

        signing_key = &issuer_key_alt;
    }
#else
    (void)rsa_alt;
#endif

    TEST_ASSERT(mbedtls_test_read_mpi(&serial, 10, serial_str) == 0);

    if (ver != -1) {
        mbedtls_x509write_crt_set_version(&crt, ver);
    }

    TEST_ASSERT(mbedtls_x509write_crt_set_serial(&crt, &serial) == 0);
    TEST_ASSERT(
        mbedtls_x509write_crt_set_validity(&crt, not_before, not_after) == 0);
    mbedtls_x509write_crt_set_md_alg(&crt, md_type);
    TEST_ASSERT(mbedtls_x509write_crt_set_issuer_name(&crt, issuer_name) == 0);
    TEST_ASSERT(mbedtls_x509write_crt_set_subject_name(&crt, subject_name) ==
                0);
    mbedtls_x509write_crt_set_subject_key(&crt, &subject_key);

    mbedtls_x509write_crt_set_issuer_key(&crt, signing_key);

    if (crt.version >= MBEDTLS_X509_CRT_VERSION_3) {
        /* For the CA case, a path length of -1 means unlimited. */
        int max_pathlen = is_ca ? -1 : 0;

        TEST_ASSERT(mbedtls_x509write_crt_set_basic_constraints(
                        &crt, is_ca, max_pathlen) == 0);
        TEST_ASSERT(mbedtls_x509write_crt_set_subject_key_identifier(&crt) ==
                    0);
        if (auth_ident) {
            TEST_ASSERT(
                mbedtls_x509write_crt_set_authority_key_identifier(&crt) == 0);
        }
        if (set_key_usage != 0) {
            TEST_ASSERT(mbedtls_x509write_crt_set_key_usage(&crt, key_usage) ==
                        0);
        }
        if (set_cert_type != 0) {
            TEST_ASSERT(
                mbedtls_x509write_crt_set_ns_cert_type(&crt, cert_type) == 0);
        }
    }

    ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf),
                                    mbedtls_test_rnd_pseudo_rand, &rnd_info);
    TEST_ASSERT(ret == 0);

    pem_len = strlen((char *)buf);

    /*
     * Check that the rest of the buffer is clear. buf is not zeroed by this
     * test, so this holds only if the writer left nothing after the PEM text.
     */
    for (i = pem_len; i < sizeof(buf); ++i) {
        TEST_ASSERT(buf[i] == 0);
    }

    ref_file = fopen(cert_check_file, "r");
    TEST_ASSERT(ref_file != NULL);
    ref_len = fread(ref_buf, 1, sizeof(ref_buf), ref_file);
    fclose(ref_file);
    /* A completely filled buffer would mean the reference was cut short. */
    TEST_ASSERT(ref_len < sizeof(ref_buf));

    /* The length guard keeps memcmp() inside the bytes fread() filled. */
    TEST_ASSERT(ref_len >= pem_len - 1);
    TEST_ASSERT(memcmp(buf, ref_buf, pem_len - 1) == 0);

    der_len = mbedtls_x509write_crt_der(
        &crt, buf, sizeof(buf), mbedtls_test_rnd_pseudo_rand, &rnd_info);
    TEST_ASSERT(der_len >= 0);

    if (der_len != 0) {
        /* One byte short of the real encoding must be rejected. */
        ret = mbedtls_x509write_crt_der(&crt, buf, (size_t)(der_len - 1),
                                        mbedtls_test_rnd_pseudo_rand,
                                        &rnd_info);
        TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
    }

exit:
    mbedtls_x509write_crt_free(&crt);
    mbedtls_pk_free(&issuer_key_alt);
    mbedtls_pk_free(&subject_key);
    mbedtls_pk_free(&issuer_key);
    mbedtls_mpi_free(&serial);
}
344/* END_CASE */
Paul Bakker8dcb2d72014-08-08 12:22:30 +0200345
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200346/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */
void mbedtls_x509_string_to_names(char *name, char *parsed_name, int result)
{
    /*
     * Round-trip a distinguished-name string: convert it to a named-data
     * list, write that list as ASN.1, parse the encoding back and print it,
     * then compare the printed form with parsed_name.
     *
     * result is the return code expected from the string conversion; when it
     * is non-zero the test ends after checking that code.
     */
    int ret;
    size_t seq_len = 0;
    mbedtls_asn1_named_data *names = NULL;
    mbedtls_x509_name parsed, *node, *next_node;
    unsigned char buf[1024], out[1024], *p;
    unsigned char *const buf_end = buf + sizeof(buf);

    memset(&parsed, 0, sizeof(parsed));
    memset(out, 0, sizeof(out));
    memset(buf, 0, sizeof(buf));
    /* The write cursor starts at the end of buf. */
    p = buf_end;

    ret = mbedtls_x509_string_to_names(&names, name);
    TEST_ASSERT(ret == result);

    if (ret == 0) {
        ret = mbedtls_x509_write_names(&p, buf, names);
        TEST_ASSERT(ret > 0);

        /* Parse from the cursor left by the writer up to the end of buf. */
        TEST_ASSERT(mbedtls_asn1_get_tag(&p, buf_end, &seq_len,
                                         MBEDTLS_ASN1_CONSTRUCTED |
                                         MBEDTLS_ASN1_SEQUENCE) == 0);
        TEST_ASSERT(mbedtls_x509_get_name(&p, buf_end, &parsed) == 0);

        ret = mbedtls_x509_dn_gets((char *)out, sizeof(out), &parsed);
        TEST_ASSERT(ret > 0);

        TEST_ASSERT(strcmp((char *)out, parsed_name) == 0);
    }

exit:
    mbedtls_asn1_free_named_data_list(&names);

    /* parsed itself lives on the stack; only the chained nodes are freed. */
    for (node = parsed.next; node != NULL; node = next_node) {
        next_node = node->next;
        mbedtls_free(node);
    }
}
389/* END_CASE */