Paul Bakker33b43f12013-08-20 11:48:36 +02001/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +00002#include "mbedtls/x509_crt.h"
3#include "mbedtls/x509_crl.h"
4#include "mbedtls/x509_csr.h"
5#include "mbedtls/pem.h"
6#include "mbedtls/oid.h"
7#include "mbedtls/base64.h"
Paul Bakkerb63b0af2011-01-13 17:54:59 +00008
/*
 * Verification profile used by the x509_verify test case below.
 *
 * It accepts every hash listed here (including SHA-1 and RIPEMD-160, which
 * are no longer considered adequate for new signatures), any PK algorithm,
 * any curve, and RSA keys as small as 1024 bits. The permissive settings are
 * there so that the legacy test certificates in the data file still verify;
 * they are not a model for application code.
 *
 * NOTE(review): the meaning of the positional fields (allowed MDs, allowed
 * PKs, allowed curves, RSA minimum bit length) is taken from the trailing
 * comments and the values -- confirm against mbedtls_x509_crt_profile.
 * 0xFFFFFFF sets 28 bits, presumably enough to cover every defined id.
 */
const mbedtls_x509_crt_profile compat_profile =
{
    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
    0xFFFFFFF, /* Any PK alg */
    0xFFFFFFF, /* Any curve */
    1024,
};
21
/*
 * Verification callback that rejects every certificate it is shown: it adds
 * MBEDTLS_X509_BADCERT_OTHER to the flags of each one and returns 0 so that
 * the rejection shows up in the final flag set rather than as a callback
 * failure. The certificate and depth are deliberately ignored.
 */
int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
{
    /* Only the flags are of interest here. */
    (void) data;
    (void) crt;
    (void) certificate_depth;

    *flags |= MBEDTLS_X509_BADCERT_OTHER;
    return( 0 );
}
31
/*
 * Verification callback that accepts every certificate it is shown: it
 * clears the flags the library computed for it and returns 0. Exists only
 * to exercise the callback path in the tests; an application must never
 * install a callback like this.
 */
int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
{
    /* Only the flags are of interest here. */
    (void) data;
    (void) crt;
    (void) certificate_depth;

    *flags = 0;
    return( 0 );
}
41
Manuel Pégourié-Gonnard560fea32015-09-01 11:59:24 +020042#if defined(MBEDTLS_X509_CRT_PARSE_C)
/* State shared between calls of verify_print(): the text written so far
 * and the position at which the next call appends. */
typedef struct {
    char buf[512];   /* accumulated output; zeroed by verify_print_init() */
    char *p;         /* write cursor: first free byte in buf */
} verify_print_context;
47
/* Reset a print context: empty (all-zero) buffer, cursor at its start. */
void verify_print_init( verify_print_context *ctx )
{
    memset( ctx, 0, sizeof( *ctx ) );
    ctx->p = &ctx->buf[0];
}
53
/*
 * Verification callback that records, for each certificate it is shown, a
 * line of the form "depth N - serial <serial> - subject <DN>\n" in the
 * verify_print_context passed as data. The flags are left untouched, so the
 * verification result itself is not affected by this callback.
 *
 * Returns 0 on success. NOTE(review): each MBEDTLS_X509_SAFE_SNPRINTF is
 * relied on to return early with an error when ret is negative or the
 * output did not fit in n, and otherwise to advance p and shrink n by ret;
 * confirm against the macro definition.
 */
int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
{
    int ret;
    verify_print_context *ctx = (verify_print_context *) data;
    char *p = ctx->p;
    /* bytes still free in ctx->buf, from the cursor to the end */
    size_t n = ctx->buf + sizeof( ctx->buf ) - ctx->p;
    ((void) flags);

    ret = mbedtls_snprintf( p, n, "depth %d - serial ", certificate_depth );
    MBEDTLS_X509_SAFE_SNPRINTF;

    ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
    MBEDTLS_X509_SAFE_SNPRINTF;

    ret = mbedtls_snprintf( p, n, " - subject " );
    MBEDTLS_X509_SAFE_SNPRINTF;

    ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
    MBEDTLS_X509_SAFE_SNPRINTF;

    ret = mbedtls_snprintf( p, n, "\n" );
    MBEDTLS_X509_SAFE_SNPRINTF;

    /* Persist the advanced cursor so the next call appends after this line. */
    ctx->p = p;

    return( 0 );
}
81#endif /* MBEDTLS_X509_CRT_PARSE_C */
Paul Bakker33b43f12013-08-20 11:48:36 +020082/* END_HEADER */
Paul Bakker37940d9f2009-07-10 22:38:58 +000083
Paul Bakker33b43f12013-08-20 11:48:36 +020084/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020085 * depends_on:MBEDTLS_BIGNUM_C
Paul Bakker33b43f12013-08-20 11:48:36 +020086 * END_DEPENDENCIES
87 */
Paul Bakker5690efc2011-05-26 13:16:06 +000088
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020089/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
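void x509_cert_info( char *crt_file, char *result_str )
{
    /*
     * Parse crt_file and check that mbedtls_x509_crt_info() renders it
     * exactly as result_str. The info call returns the length written or a
     * negative error code, so any negative value is a failure -- testing
     * only for -1/-2 would let other error codes through. Same check as in
     * x509_verify_info().
     */
    mbedtls_x509_crt crt;
    char buf[2000];
    int res;

    mbedtls_x509_crt_init( &crt );
    memset( buf, 0, sizeof( buf ) );

    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
    res = mbedtls_x509_crt_info( buf, sizeof( buf ), "", &crt );

    TEST_ASSERT( res >= 0 );
    TEST_ASSERT( strcmp( buf, result_str ) == 0 );

exit:
    mbedtls_x509_crt_free( &crt );
}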
Paul Bakker33b43f12013-08-20 11:48:36 +0200110/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000111
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200112/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
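void mbedtls_x509_crl_info( char *crl_file, char *result_str )
{
    /*
     * Parse crl_file and check that mbedtls_x509_crl_info() renders it
     * exactly as result_str. The info call returns the length written or a
     * negative error code, so any negative value is a failure -- testing
     * only for -1/-2 would let other error codes through.
     */
    mbedtls_x509_crl crl;
    char buf[2000];
    int res;

    mbedtls_x509_crl_init( &crl );
    memset( buf, 0, sizeof( buf ) );

    TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
    res = mbedtls_x509_crl_info( buf, sizeof( buf ), "", &crl );

    TEST_ASSERT( res >= 0 );
    TEST_ASSERT( strcmp( buf, result_str ) == 0 );

exit:
    mbedtls_x509_crl_free( &crl );
}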
Paul Bakker33b43f12013-08-20 11:48:36 +0200133/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000134
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200135/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */
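void mbedtls_x509_csr_info( char *csr_file, char *result_str )
{
    /*
     * Parse csr_file and check that mbedtls_x509_csr_info() renders it
     * exactly as result_str. The info call returns the length written or a
     * negative error code, so any negative value is a failure -- testing
     * only for -1/-2 would let other error codes through.
     */
    mbedtls_x509_csr csr;
    char buf[2000];
    int res;

    mbedtls_x509_csr_init( &csr );
    memset( buf, 0, sizeof( buf ) );

    TEST_ASSERT( mbedtls_x509_csr_parse_file( &csr, csr_file ) == 0 );
    res = mbedtls_x509_csr_info( buf, sizeof( buf ), "", &csr );

    TEST_ASSERT( res >= 0 );
    TEST_ASSERT( strcmp( buf, result_str ) == 0 );

exit:
    mbedtls_x509_csr_free( &csr );
}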
156/* END_CASE */
157
Manuel Pégourié-Gonnardb5f48ad2015-04-20 10:38:13 +0100158/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void x509_verify_info( int flags, char *prefix, char *result_str )
{
    /*
     * Render the verification flag set `flags` with the given line prefix
     * through mbedtls_x509_crt_verify_info() and compare the text with
     * result_str. Nothing is allocated, so there is no exit label here
     * (presumably the test generator supplies one for TEST_ASSERT, as the
     * original relies on).
     */
    char out[2000];
    int written;

    memset( out, 0, sizeof out );
    written = mbedtls_x509_crt_verify_info( out, sizeof out, prefix, flags );

    TEST_ASSERT( written >= 0 );
    TEST_ASSERT( strcmp( out, result_str ) == 0 );
}
172/* END_CASE */
173
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200174/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
                  char *cn_name_str, int result, int flags_result,
                  char *verify_callback )
{
    /*
     * Verify crt_file against ca_file and crl_file using compat_profile,
     * optionally checking the CN (cn_name_str; the literal "NULL" means no
     * CN check) and optionally with one of the callbacks defined in the
     * header (verify_callback; "NULL" means none). Both the return code and
     * the exact flag set are compared with the expected values.
     */
    mbedtls_x509_crt crt;
    mbedtls_x509_crt ca;
    mbedtls_x509_crl crl;
    uint32_t flags = 0;
    int res;
    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
    char *cn_name = NULL;

    mbedtls_x509_crt_init( &crt );
    mbedtls_x509_crt_init( &ca );
    mbedtls_x509_crl_init( &crl );

    if( strcmp( cn_name_str, "NULL" ) != 0 )
        cn_name = cn_name_str;

    /* f_vrfy stays NULL for "NULL"; anything else unknown is a data error. */
    if( strcmp( verify_callback, "verify_none" ) == 0 )
        f_vrfy = verify_none;
    else if( strcmp( verify_callback, "verify_all" ) == 0 )
        f_vrfy = verify_all;
    else if( strcmp( verify_callback, "NULL" ) != 0 )
        TEST_ASSERT( "No known verify callback selected" == 0 );

    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
    TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
    TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );

    res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, &compat_profile,
                                                cn_name, &flags, f_vrfy, NULL );

    /* Checking flags as well as res catches a "failed for the wrong reason". */
    TEST_ASSERT( res == ( result ) );
    TEST_ASSERT( flags == (uint32_t)( flags_result ) );

exit:
    mbedtls_x509_crl_free( &crl );
    mbedtls_x509_crt_free( &ca );
    mbedtls_x509_crt_free( &crt );
}
Paul Bakker33b43f12013-08-20 11:48:36 +0200217/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000218
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200219/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_verify_callback( char *crt_file, char *ca_file,
                           int exp_ret, char *exp_vrfy_out )
{
    /*
     * Verify crt_file against ca_file with verify_print() installed as the
     * callback, then compare both the return code and the text the callback
     * accumulated (presumably one line per certificate the library visits)
     * with exp_ret and exp_vrfy_out.
     */
    mbedtls_x509_crt crt, ca;
    verify_print_context vrfy_ctx;
    uint32_t flags = 0;
    int ret;

    mbedtls_x509_crt_init( &crt );
    mbedtls_x509_crt_init( &ca );
    verify_print_init( &vrfy_ctx );

    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
    TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );

    /* No CRL and no expected CN: only the callback's view is under test. */
    ret = mbedtls_x509_crt_verify( &crt, &ca, NULL, NULL, &flags,
                                   verify_print, &vrfy_ctx );

    TEST_ASSERT( ret == exp_ret );
    TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );

exit:
    mbedtls_x509_crt_free( &ca );
    mbedtls_x509_crt_free( &crt );
}
246/* END_CASE */
247
248/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
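void mbedtls_x509_dn_gets( char *crt_file, char *entity, char *result_str )
{
    /*
     * Parse crt_file and check that mbedtls_x509_dn_gets() renders the
     * chosen name ("subject" or "issuer") exactly as result_str. The gets
     * call returns the length written or a negative error code, so any
     * negative value is a failure -- testing only for -1/-2 would let other
     * error codes through.
     *
     * NOTE(review): this test function has the same name as the library
     * function it calls; the test generator is relied on to rename it.
     */
    mbedtls_x509_crt crt;
    char buf[2000];
    int res = 0;

    mbedtls_x509_crt_init( &crt );
    memset( buf, 0, sizeof( buf ) );

    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );

    if( strcmp( entity, "subject" ) == 0 )
        res = mbedtls_x509_dn_gets( buf, sizeof( buf ), &crt.subject );
    else if( strcmp( entity, "issuer" ) == 0 )
        res = mbedtls_x509_dn_gets( buf, sizeof( buf ), &crt.issuer );
    else
        TEST_ASSERT( "Unknown entity" == 0 );

    TEST_ASSERT( res >= 0 );
    TEST_ASSERT( strcmp( buf, result_str ) == 0 );

exit:
    mbedtls_x509_crt_free( &crt );
}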
Paul Bakker33b43f12013-08-20 11:48:36 +0200274/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000275
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200276/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_time_is_past( char *crt_file, char *entity, int result )
{
    /*
     * Parse crt_file and check that mbedtls_x509_time_is_past() gives
     * `result` for the selected validity bound ("valid_from" or "valid_to").
     * Note that the outcome depends on the clock of the machine running
     * the test.
     */
    mbedtls_x509_crt crt;
    const mbedtls_x509_time *bound = NULL;

    mbedtls_x509_crt_init( &crt );

    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );

    if( strcmp( entity, "valid_from" ) == 0 )
        bound = &crt.valid_from;
    else if( strcmp( entity, "valid_to" ) == 0 )
        bound = &crt.valid_to;
    else
        TEST_ASSERT( "Unknown entity" == 0 );

    TEST_ASSERT( mbedtls_x509_time_is_past( bound ) == result );

exit:
    mbedtls_x509_crt_free( &crt );
}
Paul Bakker33b43f12013-08-20 11:48:36 +0200295/* END_CASE */
Paul Bakker37940d9f2009-07-10 22:38:58 +0000296
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200297/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_time_is_future( char *crt_file, char *entity, int result )
{
    /*
     * Parse crt_file and check that mbedtls_x509_time_is_future() gives
     * `result` for the selected validity bound ("valid_from" or "valid_to").
     * Note that the outcome depends on the clock of the machine running
     * the test.
     */
    mbedtls_x509_crt crt;
    const mbedtls_x509_time *bound = NULL;

    mbedtls_x509_crt_init( &crt );

    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );

    if( strcmp( entity, "valid_from" ) == 0 )
        bound = &crt.valid_from;
    else if( strcmp( entity, "valid_to" ) == 0 )
        bound = &crt.valid_to;
    else
        TEST_ASSERT( "Unknown entity" == 0 );

    TEST_ASSERT( mbedtls_x509_time_is_future( bound ) == result );

exit:
    mbedtls_x509_crt_free( &crt );
}
316/* END_CASE */
317
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200318/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
void x509parse_crt_file( char *crt_file, int result )
{
    /* Parsing crt_file must yield exactly the return code `result`. */
    mbedtls_x509_crt crt;
    int ret;

    mbedtls_x509_crt_init( &crt );

    ret = mbedtls_x509_crt_parse_file( &crt, crt_file );
    TEST_ASSERT( ret == result );

exit:
    mbedtls_x509_crt_free( &crt );
}
330/* END_CASE */
331
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200332/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
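void x509parse_crt( char *crt_data, char *result_str, int result )
{
    /*
     * Parse the certificate given as hex in crt_data and expect the return
     * code `result`; when that is 0, the rendered info must equal
     * result_str. Any negative return from the info call is an error, not
     * just -1/-2.
     */
    mbedtls_x509_crt crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    mbedtls_x509_crt_init( &crt );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    /* unhexify() writes one byte per pair of hex digits and is not told the
     * size of buf: reject data that would overrun it instead of corrupting
     * the stack. */
    TEST_ASSERT( strlen( crt_data ) / 2 <= sizeof( buf ) );
    data_len = unhexify( buf, crt_data );

    TEST_ASSERT( mbedtls_x509_crt_parse( &crt, buf, data_len ) == ( result ) );
    if( ( result ) == 0 )
    {
        res = mbedtls_x509_crt_info( (char *) output, sizeof( output ), "", &crt );

        TEST_ASSERT( res >= 0 );
        TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
    }

exit:
    mbedtls_x509_crt_free( &crt );
}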
Paul Bakker33b43f12013-08-20 11:48:36 +0200360/* END_CASE */
Paul Bakkerb2c38f52009-07-19 19:36:15 +0000361
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200362/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */
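void x509parse_crl( char *crl_data, char *result_str, int result )
{
    /*
     * Parse the CRL given as hex in crl_data and expect the return code
     * `result`; when that is 0, the rendered info must equal result_str.
     * Any negative return from the info call is an error, not just -1/-2.
     */
    mbedtls_x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    mbedtls_x509_crl_init( &crl );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    /* unhexify() writes one byte per pair of hex digits and is not told the
     * size of buf: reject data that would overrun it instead of corrupting
     * the stack. */
    TEST_ASSERT( strlen( crl_data ) / 2 <= sizeof( buf ) );
    data_len = unhexify( buf, crl_data );

    TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf, data_len ) == ( result ) );
    if( ( result ) == 0 )
    {
        res = mbedtls_x509_crl_info( (char *) output, sizeof( output ), "", &crl );

        TEST_ASSERT( res >= 0 );
        TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
    }

exit:
    mbedtls_x509_crl_free( &crl );
}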
Paul Bakker33b43f12013-08-20 11:48:36 +0200390/* END_CASE */
Paul Bakker6b0fa4f2009-07-20 20:35:41 +0000391
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200392/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */
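void mbedtls_x509_csr_parse( char *csr_der_hex, char *ref_out, int ref_ret )
{
    /*
     * Parse the DER CSR given as hex in csr_der_hex and expect the return
     * code ref_ret; when that is 0, the rendered info must have exactly the
     * length and content of ref_out.
     *
     * NOTE(review): unhexify_alloc() is relied on to return a heap buffer
     * that mbedtls_free() releases (or NULL), as the original code assumed.
     */
    mbedtls_x509_csr csr;
    unsigned char *csr_der = NULL;
    char my_out[1000];
    size_t csr_der_len;
    int my_ret, my_out_len;

    mbedtls_x509_csr_init( &csr );
    memset( my_out, 0, sizeof( my_out ) );
    csr_der = unhexify_alloc( csr_der_hex, &csr_der_len );

    my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der, csr_der_len );
    TEST_ASSERT( my_ret == ref_ret );

    if( ref_ret == 0 )
    {
        /* Keep the return value signed: a negative error code stored in a
         * size_t would only fail the length comparison by accident. */
        my_out_len = mbedtls_x509_csr_info( my_out, sizeof( my_out ), "", &csr );
        TEST_ASSERT( my_out_len >= 0 );
        TEST_ASSERT( (size_t) my_out_len == strlen( ref_out ) );
        TEST_ASSERT( strcmp( my_out, ref_out ) == 0 );
    }

exit:
    mbedtls_x509_csr_free( &csr );
    mbedtls_free( csr_der );
}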
419/* END_CASE */
420
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200421/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_crt_parse_path( char *crt_path, int ret, int nb_crt )
{
    /*
     * Load every certificate under crt_path and check both the return code
     * and the number of certificates that ended up in the chain. A node
     * whose raw.p is NULL holds no certificate (presumably the initial node
     * when nothing could be loaded) and is not counted.
     */
    mbedtls_x509_crt chain;
    const mbedtls_x509_crt *node;
    int count = 0;

    mbedtls_x509_crt_init( &chain );

    TEST_ASSERT( mbedtls_x509_crt_parse_path( &chain, crt_path ) == ret );

    for( node = &chain; node != NULL; node = node->next )
    {
        if( node->raw.p != NULL )
            count++;
    }

    TEST_ASSERT( count == nb_crt );

exit:
    mbedtls_x509_crt_free( &chain );
}
441/* END_CASE */
442
Janos Follath822b2c32015-10-11 10:25:22 +0200443/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
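void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, int flags_result )
{
    /*
     * Build a chain from the space-separated certificate files in
     * chain_paths (appended in the order given), verify it against
     * trusted_ca with no CRL and no expected CN, and check that the
     * resulting flags are exactly flags_result. A non-zero flags_result
     * means the verify call must return MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
     * zero means it must succeed.
     */
    char *act, *sep;
    uint32_t flags = 0;   /* defined even if the verify call bails out early */
    int result, res;
    mbedtls_x509_crt trusted, chain;

    result = flags_result ? MBEDTLS_ERR_X509_CERT_VERIFY_FAILED : 0;

    mbedtls_x509_crt_init( &chain );
    mbedtls_x509_crt_init( &trusted );

    /*
     * Split chain_paths on single spaces, in place. strsep() did this before
     * but is not part of C11 (nor available on every toolchain); strchr()
     * is, and yields the same tokens for well-formed input. An empty token
     * (leading, doubled or trailing space) is a data-file error and is
     * rejected here rather than handed to the parser.
     */
    act = chain_paths;
    while( act != NULL )
    {
        sep = strchr( act, ' ' );
        if( sep != NULL )
            *sep++ = '\0';
        TEST_ASSERT( *act != '\0' );
        TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, act ) == 0 );
        act = sep;
    }
    TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 );

    res = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags, NULL, NULL );

    /* Checking flags as well as res catches a "failed for the wrong reason". */
    TEST_ASSERT( res == ( result ) );
    TEST_ASSERT( flags == (uint32_t)( flags_result ) );

exit:
    mbedtls_x509_crt_free( &trusted );
    mbedtls_x509_crt_free( &chain );
}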
469/* END_CASE */
470
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200471/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
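void x509_oid_desc( char *oid_str, char *ref_desc )
{
    /*
     * Look up the textual description of the extended-key-usage OID given
     * as hex in oid_str. ref_desc is either the expected description, or
     * the literal "notfound", in which case the lookup must fail and leave
     * desc at NULL.
     */
    mbedtls_x509_buf oid;
    const char *desc = NULL;
    unsigned char buf[20];
    int ret;

    memset( buf, 0, sizeof buf );

    /* unhexify() writes one byte per pair of hex digits and is not told the
     * size of buf: reject input that would overrun it. */
    TEST_ASSERT( strlen( oid_str ) / 2 <= sizeof buf );

    oid.tag = MBEDTLS_ASN1_OID;
    oid.len = unhexify( buf, oid_str );
    oid.p = buf;

    ret = mbedtls_oid_get_extended_key_usage( &oid, &desc );

    if( strcmp( ref_desc, "notfound" ) == 0 )
    {
        TEST_ASSERT( ret != 0 );
        TEST_ASSERT( desc == NULL );
    }
    else
    {
        TEST_ASSERT( ret == 0 );
        TEST_ASSERT( desc != NULL );
        TEST_ASSERT( strcmp( desc, ref_desc ) == 0 );
    }
}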
499/* END_CASE */
500
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200501/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
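void x509_oid_numstr( char *oid_str, char *numstr, int blen, int ret )
{
    /*
     * Convert the OID given as hex in oid_str to dotted-decimal form into a
     * buffer of blen bytes and expect the return code `ret`; when that is
     * non-negative it is the length written, so the byte at that index must
     * be the terminator and the text must equal numstr.
     */
    mbedtls_x509_buf oid;
    unsigned char oid_buf[20];
    char num_buf[100];

    memset( oid_buf, 0x00, sizeof oid_buf );
    /* Pre-fill with a non-zero byte so that a missing terminator is
     * detected by the num_buf[ret] == 0 check below. */
    memset( num_buf, 0x2a, sizeof num_buf );

    /* unhexify() writes one byte per pair of hex digits and is not told the
     * size of oid_buf: reject input that would overrun it. */
    TEST_ASSERT( strlen( oid_str ) / 2 <= sizeof oid_buf );

    oid.tag = MBEDTLS_ASN1_OID;
    oid.len = unhexify( oid_buf, oid_str );
    oid.p = oid_buf;

    /* blen comes from the data file: keep it inside num_buf. */
    TEST_ASSERT( (size_t) blen <= sizeof num_buf );

    TEST_ASSERT( mbedtls_oid_get_numeric_string( num_buf, blen, &oid ) == ret );

    if( ret >= 0 )
    {
        TEST_ASSERT( num_buf[ret] == 0 );
        TEST_ASSERT( strcmp( num_buf, numstr ) == 0 );
    }
}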
525/* END_CASE */
526
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200527/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */
void x509_check_key_usage( char *crt_file, int usage, int ret )
{
    /*
     * Parse crt_file and check that asking for the key-usage bits in
     * `usage` yields exactly the return code `ret`.
     */
    mbedtls_x509_crt crt;
    int res;

    mbedtls_x509_crt_init( &crt );

    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );

    res = mbedtls_x509_crt_check_key_usage( &crt, usage );
    TEST_ASSERT( res == ret );

exit:
    mbedtls_x509_crt_free( &crt );
}
541/* END_CASE */
542
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200543/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
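void x509_check_extended_key_usage( char *crt_file, char *usage_hex, int ret )
{
    /*
     * Parse crt_file and check that asking for the extended-key-usage OID
     * given as hex in usage_hex yields exactly the return code `ret`.
     */
    mbedtls_x509_crt crt;
    char oid[50];
    size_t len;

    mbedtls_x509_crt_init( &crt );

    /* unhexify() writes one byte per pair of hex digits and is not told the
     * size of oid: reject input that would overrun it. */
    TEST_ASSERT( strlen( usage_hex ) / 2 <= sizeof( oid ) );
    len = unhexify( (unsigned char *) oid, usage_hex );

    TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );

    TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, oid, len ) == ret );

exit:
    mbedtls_x509_crt_free( &crt );
}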
561/* END_CASE */
562
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200563/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
void x509_parse_rsassa_pss_params( char *hex_params, int params_tag,
                                   int ref_msg_md, int ref_mgf_md,
                                   int ref_salt_len, int ref_ret )
{
    /*
     * Decode RSASSA-PSS parameters from hex_params (carrying the ASN.1 tag
     * params_tag) and compare the return code with ref_ret; when that is 0
     * the message digest, MGF digest and salt length must match the
     * reference values too. The decoded buffer is heap-allocated by
     * unhexify_alloc() and released on every path.
     */
    mbedtls_x509_buf params;
    mbedtls_md_type_t msg_md, mgf_md;
    int salt_len, ret;

    params.tag = params_tag;
    params.p = unhexify_alloc( hex_params, &params.len );

    ret = mbedtls_x509_get_rsassa_pss_params( &params, &msg_md, &mgf_md,
                                              &salt_len );
    TEST_ASSERT( ret == ref_ret );

    /* On an expected failure the output parameters are not meaningful. */
    if( ref_ret != 0 )
        goto exit;

    TEST_ASSERT( msg_md == (mbedtls_md_type_t) ref_msg_md );
    TEST_ASSERT( mgf_md == (mbedtls_md_type_t) ref_mgf_md );
    TEST_ASSERT( salt_len == ref_salt_len );

exit:
    mbedtls_free( params.p );
}
591/* END_CASE */
592
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200593/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */
void x509_selftest()
{
    /* The library's own X.509 self-test (non-verbose) must pass. */
    int ret;

    ret = mbedtls_x509_self_test( 0 );
    TEST_ASSERT( ret == 0 );
}
Paul Bakker33b43f12013-08-20 11:48:36 +0200598/* END_CASE */