TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 43aa905d1e0c5c3e8fbec98adc496bcd7d46b51f / . / tests / suites / test_suite_x509parse.function
blob: 4a826082bd1d3b66b57771c82a6672f7edbd2e7d [file] [log] [blame]
Gilles Peskine7dc97042020-02-26 19:48:43 +0100[diff] [blame]1/* BEGIN_HEADER */
2#include "mbedtls/bignum.h"
3#include "mbedtls/x509.h"
4#include "mbedtls/x509_crt.h"
5#include "mbedtls/x509_crl.h"
6#include "mbedtls/x509_csr.h"
7#include "mbedtls/pem.h"
8#include "mbedtls/oid.h"
9#include "mbedtls/base64.h"
10#include "string.h"
11
12#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
13#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
14than the current threshold 19. To test larger values, please \
15adapt the script tests/data_files/dir-max/long.sh."
16#endif
17
18/* Profile for backward compatibility. Allows SHA-1, unlike the default
19 profile. */
20const mbedtls_x509_crt_profile compat_profile =
21{
22 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
23 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
24 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
25 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
26 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
27 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
28 0xFFFFFFF, /* Any PK alg */
29 0xFFFFFFF, /* Any curve */
30 1024,
31};
32
33const mbedtls_x509_crt_profile profile_rsa3072 =
34{
35 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
36 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
37 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
38 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ),
39 0,
40 3072,
41};
42
43const mbedtls_x509_crt_profile profile_sha512 =
44{
45 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
46 0xFFFFFFF, /* Any PK alg */
47 0xFFFFFFF, /* Any curve */
48 1024,
49};
50
51int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
52{
53 ((void) data);
54 ((void) crt);
55 ((void) certificate_depth);
56 *flags |= MBEDTLS_X509_BADCERT_OTHER;
57
58 return 0;
59}
60
61int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
62{
63 ((void) data);
64 ((void) crt);
65 ((void) certificate_depth);
66 *flags = 0;
67
68 return 0;
69}
70
71int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
72{
73 int *levels = (int *) data;
74
75 ((void) crt);
76 ((void) certificate_depth);
77
78 /* Simulate a fatal error in the callback */
79 if( *levels & ( 1 << certificate_depth ) )
80 {
81 *flags |= ( 1 << certificate_depth );
82 return( -1 - certificate_depth );
83 }
84
85 return( 0 );
86}
87
88/* strsep() not available on Windows */
89char *mystrsep(char **stringp, const char *delim)
90{
91 const char *p;
92 char *ret = *stringp;
93
94 if( *stringp == NULL )
95 return( NULL );
96
97 for( ; ; (*stringp)++ )
98 {
99 if( **stringp == '\0' )
100 {
101 *stringp = NULL;
102 goto done;
103 }
104
105 for( p = delim; *p != '\0'; p++ )
106 if( **stringp == *p )
107 {
108 **stringp = '\0';
109 (*stringp)++;
110 goto done;
111 }
112 }
113
114done:
115 return( ret );
116}
117
118#if defined(MBEDTLS_X509_CRT_PARSE_C)
119typedef struct {
120 char buf[512];
121 char *p;
122} verify_print_context;
123
124void verify_print_init( verify_print_context *ctx )
125{
126 memset( ctx, 0, sizeof( verify_print_context ) );
127 ctx->p = ctx->buf;
128}
129
130int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
131{
132 int ret;
133 verify_print_context *ctx = (verify_print_context *) data;
134 char *p = ctx->p;
135 size_t n = ctx->buf + sizeof( ctx->buf ) - ctx->p;
136 ((void) flags);
137
138 ret = mbedtls_snprintf( p, n, "depth %d - serial ", certificate_depth );
139 MBEDTLS_X509_SAFE_SNPRINTF;
140
141 ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
142 MBEDTLS_X509_SAFE_SNPRINTF;
143
144 ret = mbedtls_snprintf( p, n, " - subject " );
145 MBEDTLS_X509_SAFE_SNPRINTF;
146
147 ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
148 MBEDTLS_X509_SAFE_SNPRINTF;
149
150 ret = mbedtls_snprintf( p, n, " - flags 0x%08x\n", *flags );
151 MBEDTLS_X509_SAFE_SNPRINTF;
152
153 ctx->p = p;
154
155 return( 0 );
156}
157#endif /* MBEDTLS_X509_CRT_PARSE_C */
158/* END_HEADER */
159
160/* BEGIN_DEPENDENCIES
161 * depends_on:MBEDTLS_BIGNUM_C
162 * END_DEPENDENCIES
163 */
164
165/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
166void x509_cert_info( char * crt_file, char * result_str )
167{
168 mbedtls_x509_crt crt;
169 char buf[2000];
170 int res;
171
172 mbedtls_x509_crt_init( &crt );
173 memset( buf, 0, 2000 );
174
175 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
176 res = mbedtls_x509_crt_info( buf, 2000, "", &crt );
177
178 TEST_ASSERT( res != -1 );
179 TEST_ASSERT( res != -2 );
180
181 TEST_ASSERT( strcmp( buf, result_str ) == 0 );
182
183exit:
184 mbedtls_x509_crt_free( &crt );
185}
186/* END_CASE */
187
188/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
189void mbedtls_x509_crl_info( char * crl_file, char * result_str )
190{
191 mbedtls_x509_crl crl;
192 char buf[2000];
193 int res;
194
195 mbedtls_x509_crl_init( &crl );
196 memset( buf, 0, 2000 );
197
198 TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
199 res = mbedtls_x509_crl_info( buf, 2000, "", &crl );
200
201 TEST_ASSERT( res != -1 );
202 TEST_ASSERT( res != -2 );
203
204 TEST_ASSERT( strcmp( buf, result_str ) == 0 );
205
206exit:
207 mbedtls_x509_crl_free( &crl );
208}
209/* END_CASE */
210
211/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
212void mbedtls_x509_crl_parse( char * crl_file, int result )
213{
214 mbedtls_x509_crl crl;
215 char buf[2000];
216
217 mbedtls_x509_crl_init( &crl );
218 memset( buf, 0, 2000 );
219
220 TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == result );
221
222exit:
223 mbedtls_x509_crl_free( &crl );
224}
225/* END_CASE */
226
227/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */
228void mbedtls_x509_csr_info( char * csr_file, char * result_str )
229{
230 mbedtls_x509_csr csr;
231 char buf[2000];
232 int res;
233
234 mbedtls_x509_csr_init( &csr );
235 memset( buf, 0, 2000 );
236
237 TEST_ASSERT( mbedtls_x509_csr_parse_file( &csr, csr_file ) == 0 );
238 res = mbedtls_x509_csr_info( buf, 2000, "", &csr );
239
240 TEST_ASSERT( res != -1 );
241 TEST_ASSERT( res != -2 );
242
243 TEST_ASSERT( strcmp( buf, result_str ) == 0 );
244
245exit:
246 mbedtls_x509_csr_free( &csr );
247}
248/* END_CASE */
249
250/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
251void x509_verify_info( int flags, char * prefix, char * result_str )
252{
253 char buf[2000];
254 int res;
255
256 memset( buf, 0, sizeof( buf ) );
257
258 res = mbedtls_x509_crt_verify_info( buf, sizeof( buf ), prefix, flags );
259
260 TEST_ASSERT( res >= 0 );
261
262 TEST_ASSERT( strcmp( buf, result_str ) == 0 );
263}
264/* END_CASE */
265
266/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */
267void x509_verify_restart( char *crt_file, char *ca_file,
268 int result, int flags_result,
269 int max_ops, int min_restart, int max_restart )
270{
271 int ret, cnt_restart;
272 mbedtls_x509_crt_restart_ctx rs_ctx;
273 mbedtls_x509_crt crt;
274 mbedtls_x509_crt ca;
275 uint32_t flags = 0;
276
277 /*
278 * See comments on ecp_test_vect_restart() for op count precision.
279 *
280 * For reference, with mbed TLS 2.6 and default settings:
281 * - ecdsa_verify() for P-256: ~ 6700
282 * - ecdsa_verify() for P-384: ~ 18800
283 * - x509_verify() for server5 -> test-ca2: ~ 18800
284 * - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500
285 */
286
287 mbedtls_x509_crt_restart_init( &rs_ctx );
288 mbedtls_x509_crt_init( &crt );
289 mbedtls_x509_crt_init( &ca );
290
291 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
292 TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
293
294 mbedtls_ecp_set_max_ops( max_ops );
295
296 cnt_restart = 0;
297 do {
298 ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
299 &mbedtls_x509_crt_profile_default, NULL, &flags,
300 NULL, NULL, &rs_ctx );
301 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
302
303 TEST_ASSERT( ret == result );
304 TEST_ASSERT( flags == (uint32_t) flags_result );
305
306 TEST_ASSERT( cnt_restart >= min_restart );
307 TEST_ASSERT( cnt_restart <= max_restart );
308
309 /* Do we leak memory when aborting? */
310 ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
311 &mbedtls_x509_crt_profile_default, NULL, &flags,
312 NULL, NULL, &rs_ctx );
313 TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
314
315exit:
316 mbedtls_x509_crt_restart_free( &rs_ctx );
317 mbedtls_x509_crt_free( &crt );
318 mbedtls_x509_crt_free( &ca );
319}
320/* END_CASE */
321
322/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
323void x509_verify( char *crt_file, char *ca_file, char *crl_file,
324 char *cn_name_str, int result, int flags_result,
325 char *profile_str,
326 char *verify_callback )
327{
328 mbedtls_x509_crt crt;
329 mbedtls_x509_crt ca;
330 mbedtls_x509_crl crl;
331 uint32_t flags = 0;
332 int res;
333 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
334 char * cn_name = NULL;
335 const mbedtls_x509_crt_profile *profile;
336
337#if defined(MBEDTLS_USE_PSA_CRYPTO)
338 TEST_ASSERT( psa_crypto_init() == 0 );
339#endif
340
341 mbedtls_x509_crt_init( &crt );
342 mbedtls_x509_crt_init( &ca );
343 mbedtls_x509_crl_init( &crl );
344
345 if( strcmp( cn_name_str, "NULL" ) != 0 )
346 cn_name = cn_name_str;
347
348 if( strcmp( profile_str, "" ) == 0 )
349 profile = &mbedtls_x509_crt_profile_default;
350 else if( strcmp( profile_str, "next" ) == 0 )
351 profile = &mbedtls_x509_crt_profile_next;
352 else if( strcmp( profile_str, "suite_b" ) == 0 )
353 profile = &mbedtls_x509_crt_profile_suiteb;
354 else if( strcmp( profile_str, "compat" ) == 0 )
355 profile = &compat_profile;
356 else
357 TEST_ASSERT( "Unknown algorithm profile" == 0 );
358
359 if( strcmp( verify_callback, "NULL" ) == 0 )
360 f_vrfy = NULL;
361 else if( strcmp( verify_callback, "verify_none" ) == 0 )
362 f_vrfy = verify_none;
363 else if( strcmp( verify_callback, "verify_all" ) == 0 )
364 f_vrfy = verify_all;
365 else
366 TEST_ASSERT( "No known verify callback selected" == 0 );
367
368 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
369 TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
370 TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
371
372 res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL );
373
374 TEST_ASSERT( res == ( result ) );
375 TEST_ASSERT( flags == (uint32_t)( flags_result ) );
376
377exit:
378 mbedtls_x509_crt_free( &crt );
379 mbedtls_x509_crt_free( &ca );
380 mbedtls_x509_crl_free( &crl );
381}
382/* END_CASE */
383
384/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
385void x509_verify_callback( char *crt_file, char *ca_file, char *name,
386 int exp_ret, char *exp_vrfy_out )
387{
388 int ret;
389 mbedtls_x509_crt crt;
390 mbedtls_x509_crt ca;
391 uint32_t flags = 0;
392 verify_print_context vrfy_ctx;
393
394#if defined(MBEDTLS_USE_PSA_CRYPTO)
395 TEST_ASSERT( psa_crypto_init() == 0 );
396#endif
397
398 mbedtls_x509_crt_init( &crt );
399 mbedtls_x509_crt_init( &ca );
400 verify_print_init( &vrfy_ctx );
401
402 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
403 TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
404
405 if( strcmp( name, "NULL" ) == 0 )
406 name = NULL;
407
408 ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL,
409 &compat_profile,
410 name, &flags,
411 verify_print, &vrfy_ctx );
412
413 TEST_ASSERT( ret == exp_ret );
414 TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );
415
416exit:
417 mbedtls_x509_crt_free( &crt );
418 mbedtls_x509_crt_free( &ca );
419}
420/* END_CASE */
421
422/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
423void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str )
424{
425 mbedtls_x509_crt crt;
426 char buf[2000];
427 int res = 0;
428
429 mbedtls_x509_crt_init( &crt );
430 memset( buf, 0, 2000 );
431
432 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
433 if( strcmp( entity, "subject" ) == 0 )
434 res = mbedtls_x509_dn_gets( buf, 2000, &crt.subject );
435 else if( strcmp( entity, "issuer" ) == 0 )
436 res = mbedtls_x509_dn_gets( buf, 2000, &crt.issuer );
437 else
438 TEST_ASSERT( "Unknown entity" == 0 );
439
440 TEST_ASSERT( res != -1 );
441 TEST_ASSERT( res != -2 );
442
443 TEST_ASSERT( strcmp( buf, result_str ) == 0 );
444
445exit:
446 mbedtls_x509_crt_free( &crt );
447}
448/* END_CASE */
449
450/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
451void mbedtls_x509_time_is_past( char * crt_file, char * entity, int result )
452{
453 mbedtls_x509_crt crt;
454
455 mbedtls_x509_crt_init( &crt );
456
457 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
458
459 if( strcmp( entity, "valid_from" ) == 0 )
460 TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_from ) == result );
461 else if( strcmp( entity, "valid_to" ) == 0 )
462 TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_to ) == result );
463 else
464 TEST_ASSERT( "Unknown entity" == 0 );
465
466exit:
467 mbedtls_x509_crt_free( &crt );
468}
469/* END_CASE */
470
471/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
472void mbedtls_x509_time_is_future( char * crt_file, char * entity, int result )
473{
474 mbedtls_x509_crt crt;
475
476 mbedtls_x509_crt_init( &crt );
477
478 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
479
480 if( strcmp( entity, "valid_from" ) == 0 )
481 TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_from ) == result );
482 else if( strcmp( entity, "valid_to" ) == 0 )
483 TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_to ) == result );
484 else
485 TEST_ASSERT( "Unknown entity" == 0 );
486
487exit:
488 mbedtls_x509_crt_free( &crt );
489}
490/* END_CASE */
491
492/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
493void x509parse_crt_file( char * crt_file, int result )
494{
495 mbedtls_x509_crt crt;
496
497 mbedtls_x509_crt_init( &crt );
498
499 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == result );
500
501exit:
502 mbedtls_x509_crt_free( &crt );
503}
504/* END_CASE */
505
506/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
507void x509parse_crt( data_t * buf, char * result_str, int result )
508{
509 mbedtls_x509_crt crt;
510 unsigned char output[2000];
511 int res;
512
513 mbedtls_x509_crt_init( &crt );
514 memset( output, 0, 2000 );
515
516 TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) );
517 if( ( result ) == 0 )
518 {
519 res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
520
521 TEST_ASSERT( res != -1 );
522 TEST_ASSERT( res != -2 );
523
524 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
525 }
526
527 mbedtls_x509_crt_free( &crt );
528 mbedtls_x509_crt_init( &crt );
529 memset( output, 0, 2000 );
530
531 TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) );
532 if( ( result ) == 0 )
533 {
534 res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
535
536 TEST_ASSERT( res != -1 );
537 TEST_ASSERT( res != -2 );
538
539 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
540 }
541
542exit:
543 mbedtls_x509_crt_free( &crt );
544}
545/* END_CASE */
546
547/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */
548void x509parse_crl( data_t * buf, char * result_str, int result )
549{
550 mbedtls_x509_crl crl;
551 unsigned char output[2000];
552 int res;
553
554 mbedtls_x509_crl_init( &crl );
555 memset( output, 0, 2000 );
556
557
558 TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf->x, buf->len ) == ( result ) );
559 if( ( result ) == 0 )
560 {
561 res = mbedtls_x509_crl_info( (char *) output, 2000, "", &crl );
562
563 TEST_ASSERT( res != -1 );
564 TEST_ASSERT( res != -2 );
565
566 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
567 }
568
569exit:
570 mbedtls_x509_crl_free( &crl );
571}
572/* END_CASE */
573
574/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */
575void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret )
576{
577 mbedtls_x509_csr csr;
578 char my_out[1000];
579 int my_ret;
580
581 mbedtls_x509_csr_init( &csr );
582 memset( my_out, 0, sizeof( my_out ) );
583
584 my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der->x, csr_der->len );
585 TEST_ASSERT( my_ret == ref_ret );
586
587 if( ref_ret == 0 )
588 {
589 size_t my_out_len = mbedtls_x509_csr_info( my_out, sizeof( my_out ), "", &csr );
590 TEST_ASSERT( my_out_len == strlen( ref_out ) );
591 TEST_ASSERT( strcmp( my_out, ref_out ) == 0 );
592 }
593
594exit:
595 mbedtls_x509_csr_free( &csr );
596}
597/* END_CASE */
598
599/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
600void mbedtls_x509_crt_parse_path( char * crt_path, int ret, int nb_crt )
601{
602 mbedtls_x509_crt chain, *cur;
603 int i;
604
605 mbedtls_x509_crt_init( &chain );
606
607 TEST_ASSERT( mbedtls_x509_crt_parse_path( &chain, crt_path ) == ret );
608
609 /* Check how many certs we got */
610 for( i = 0, cur = &chain; cur != NULL; cur = cur->next )
611 if( cur->raw.p != NULL )
612 i++;
613
614 TEST_ASSERT( i == nb_crt );
615
616exit:
617 mbedtls_x509_crt_free( &chain );
618}
619/* END_CASE */
620
621/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
622void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int,
623 int ret_chk, int flags_chk )
624{
625 char file_buf[128];
626 int ret;
627 uint32_t flags;
628 mbedtls_x509_crt trusted, chain;
629
630#if defined(MBEDTLS_USE_PSA_CRYPTO)
631 TEST_ASSERT( psa_crypto_init() == 0 );
632#endif
633
634 /*
635 * We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
636 * with NN.crt signed by NN-1.crt
637 */
638
639 mbedtls_x509_crt_init( &trusted );
640 mbedtls_x509_crt_init( &chain );
641
642 /* Load trusted root */
643 TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, ca_file ) == 0 );
644
645 /* Load a chain with nb_int intermediates (from 01 to nb_int),
646 * plus one "end-entity" cert (nb_int + 1) */
647 ret = mbedtls_snprintf( file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir,
648 nb_int + 1 );
649 TEST_ASSERT( ret > 0 && (size_t) ret < sizeof file_buf );
650 TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, file_buf ) == 0 );
651
652 /* Try to verify that chain */
653 ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags,
654 NULL, NULL );
655 TEST_ASSERT( ret == ret_chk );
656 TEST_ASSERT( flags == (uint32_t) flags_chk );
657
658exit:
659 mbedtls_x509_crt_free( &chain );
660 mbedtls_x509_crt_free( &trusted );
661}
662/* END_CASE */
663
664/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
665void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca,
666 int flags_result, int result,
667 char *profile_name, int vrfy_fatal_lvls )
668{
669 char* act;
670 uint32_t flags;
671 int res;
672 mbedtls_x509_crt trusted, chain;
673 const mbedtls_x509_crt_profile *profile = NULL;
674
675#if defined(MBEDTLS_USE_PSA_CRYPTO)
676 TEST_ASSERT( psa_crypto_init() == 0 );
677#endif
678
679 mbedtls_x509_crt_init( &chain );
680 mbedtls_x509_crt_init( &trusted );
681
682 while( ( act = mystrsep( &chain_paths, " " ) ) != NULL )
683 TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, act ) == 0 );
684 TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 );
685
686 if( strcmp( profile_name, "" ) == 0 )
687 profile = &mbedtls_x509_crt_profile_default;
688 else if( strcmp( profile_name, "next" ) == 0 )
689 profile = &mbedtls_x509_crt_profile_next;
690 else if( strcmp( profile_name, "suiteb" ) == 0 )
691 profile = &mbedtls_x509_crt_profile_suiteb;
692 else if( strcmp( profile_name, "rsa3072" ) == 0 )
693 profile = &profile_rsa3072;
694 else if( strcmp( profile_name, "sha512" ) == 0 )
695 profile = &profile_sha512;
696
697 res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile,
698 NULL, &flags, verify_fatal, &vrfy_fatal_lvls );
699
700 TEST_ASSERT( res == ( result ) );
701 TEST_ASSERT( flags == (uint32_t)( flags_result ) );
702
703exit:
704 mbedtls_x509_crt_free( &trusted );
705 mbedtls_x509_crt_free( &chain );
706}
707/* END_CASE */
708
709/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
710void x509_oid_desc( data_t * buf, char * ref_desc )
711{
712 mbedtls_x509_buf oid;
713 const char *desc = NULL;
714 int ret;
715
716
717 oid.tag = MBEDTLS_ASN1_OID;
718 oid.p = buf->x;
719 oid.len = buf->len;
720
721 ret = mbedtls_oid_get_extended_key_usage( &oid, &desc );
722
723 if( strcmp( ref_desc, "notfound" ) == 0 )
724 {
725 TEST_ASSERT( ret != 0 );
726 TEST_ASSERT( desc == NULL );
727 }
728 else
729 {
730 TEST_ASSERT( ret == 0 );
731 TEST_ASSERT( desc != NULL );
732 TEST_ASSERT( strcmp( desc, ref_desc ) == 0 );
733 }
734}
735/* END_CASE */
736
737/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
738void x509_oid_numstr( data_t * oid_buf, char * numstr, int blen, int ret )
739{
740 mbedtls_x509_buf oid;
741 char num_buf[100];
742
743 memset( num_buf, 0x2a, sizeof num_buf );
744
745 oid.tag = MBEDTLS_ASN1_OID;
746 oid.p = oid_buf->x;
747 oid.len = oid_buf->len;
748
749 TEST_ASSERT( (size_t) blen <= sizeof num_buf );
750
751 TEST_ASSERT( mbedtls_oid_get_numeric_string( num_buf, blen, &oid ) == ret );
752
753 if( ret >= 0 )
754 {
755 TEST_ASSERT( num_buf[ret] == 0 );
756 TEST_ASSERT( strcmp( num_buf, numstr ) == 0 );
757 }
758}
759/* END_CASE */
760
761/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */
762void x509_check_key_usage( char * crt_file, int usage, int ret )
763{
764 mbedtls_x509_crt crt;
765
766 mbedtls_x509_crt_init( &crt );
767
768 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
769
770 TEST_ASSERT( mbedtls_x509_crt_check_key_usage( &crt, usage ) == ret );
771
772exit:
773 mbedtls_x509_crt_free( &crt );
774}
775/* END_CASE */
776
777/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
778void x509_check_extended_key_usage( char * crt_file, data_t * oid, int ret
779 )
780{
781 mbedtls_x509_crt crt;
782
783 mbedtls_x509_crt_init( &crt );
784
785
786 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
787
788 TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, (const char *)oid->x, oid->len ) == ret );
789
790exit:
791 mbedtls_x509_crt_free( &crt );
792}
793/* END_CASE */
794
795/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
796void x509_get_time( int tag, char * time_str, int ret, int year, int mon,
797 int day, int hour, int min, int sec )
798{
799 mbedtls_x509_time time;
800 unsigned char buf[21];
801 unsigned char* start = buf;
802 unsigned char* end = buf;
803
804 memset( &time, 0x00, sizeof( time ) );
805 *end = (unsigned char)tag; end++;
806 *end = strlen( time_str );
807 TEST_ASSERT( *end < 20 );
808 end++;
809 memcpy( end, time_str, (size_t)*(end - 1) );
810 end += *(end - 1);
811
812 TEST_ASSERT( mbedtls_x509_get_time( &start, end, &time ) == ret );
813 if( ret == 0 )
814 {
815 TEST_ASSERT( year == time.year );
816 TEST_ASSERT( mon == time.mon );
817 TEST_ASSERT( day == time.day );
818 TEST_ASSERT( hour == time.hour );
819 TEST_ASSERT( min == time.min );
820 TEST_ASSERT( sec == time.sec );
821 }
822}
823/* END_CASE */
824
825/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
826void x509_parse_rsassa_pss_params( data_t * hex_params, int params_tag,
827 int ref_msg_md, int ref_mgf_md,
828 int ref_salt_len, int ref_ret )
829{
830 int my_ret;
831 mbedtls_x509_buf params;
832 mbedtls_md_type_t my_msg_md, my_mgf_md;
833 int my_salt_len;
834
835 params.p = hex_params->x;
836 params.len = hex_params->len;
837 params.tag = params_tag;
838
839 my_ret = mbedtls_x509_get_rsassa_pss_params( &params, &my_msg_md, &my_mgf_md,
840 &my_salt_len );
841
842 TEST_ASSERT( my_ret == ref_ret );
843
844 if( ref_ret == 0 )
845 {
846 TEST_ASSERT( my_msg_md == (mbedtls_md_type_t) ref_msg_md );
847 TEST_ASSERT( my_mgf_md == (mbedtls_md_type_t) ref_mgf_md );
848 TEST_ASSERT( my_salt_len == ref_salt_len );
849 }
850
851exit:
852 ;;
853}
854/* END_CASE */
855
856/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */
857void x509_selftest( )
858{
859 TEST_ASSERT( mbedtls_x509_self_test( 1 ) == 0 );
860}
861/* END_CASE */