1/* BEGIN_HEADER */ 2#include "mbedtls/bignum.h" 3#include "mbedtls/x509.h" 4#include "mbedtls/x509_crt.h" 5#include "mbedtls/x509_crl.h" 6#include "mbedtls/x509_csr.h" 7#include "mbedtls/pem.h" 8#include "mbedtls/oid.h" 9#include "mbedtls/base64.h" 10#include "mbedtls/error.h" 11#include "string.h" 12 13#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 14#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \ 15than the current threshold 19. To test larger values, please \ 16adapt the script tests/data_files/dir-max/long.sh." 17#endif 18 19/* Test-only profile allowing all digests, PK algorithms, and curves. */ 20const mbedtls_x509_crt_profile profile_all = 21{ 22 0xFFFFFFFF, /* Any MD */ 23 0xFFFFFFFF, /* Any PK alg */ 24 0xFFFFFFFF, /* Any curve */ 25 1024, 26}; 27 28/* Profile for backward compatibility. Allows SHA-1, unlike the default 29 profile. */ 30const mbedtls_x509_crt_profile compat_profile = 31{ 32 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) | 33 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) | 34 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) | 35 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 36 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | 37 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 38 0xFFFFFFF, /* Any PK alg */ 39 0xFFFFFFF, /* Any curve */ 40 1024, 41}; 42 43const mbedtls_x509_crt_profile profile_rsa3072 = 44{ 45 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 46 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | 47 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 48 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ), 49 0, 50 3072, 51}; 52 53const mbedtls_x509_crt_profile profile_sha512 = 54{ 55 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 56 0xFFFFFFF, /* Any PK alg */ 57 0xFFFFFFF, /* Any curve */ 58 1024, 59}; 60 61int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags ) 62{ 63 ((void) data); 64 ((void) crt); 65 ((void) certificate_depth); 66 *flags |= MBEDTLS_X509_BADCERT_OTHER; 67 68 return 0; 69} 70 71int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags ) 72{ 73 ((void) data); 74 ((void) crt); 75 ((void) certificate_depth); 76 *flags = 0; 77 78 return 0; 79} 80 81#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 82int ca_callback_fail( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates ) 83{ 84 ((void) data); 85 ((void) child); 86 ((void) candidates); 87 88 return -1; 89} 90 91int ca_callback( void *data, mbedtls_x509_crt const *child, 92 mbedtls_x509_crt **candidates ) 93{ 94 int ret = 0; 95 mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; 96 mbedtls_x509_crt *first; 97 98 /* This is a test-only implementation of the CA callback 99 * which always returns the entire list of trusted certificates. 100 * Production implementations managing a large number of CAs 101 * should use an efficient presentation and lookup for the 102 * set of trusted certificates (such as a hashtable) and only 103 * return those trusted certificates which satisfy basic 104 * parental checks, such as the matching of child `Issuer` 105 * and parent `Subject` field. */ 106 ((void) child); 107 108 first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); 109 if( first == NULL ) 110 { 111 ret = -1; 112 goto exit; 113 } 114 mbedtls_x509_crt_init( first ); 115 116 if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 ) 117 { 118 ret = -1; 119 goto exit; 120 } 121 122 while( ca->next != NULL ) 123 { 124 ca = ca->next; 125 if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 ) 126 { 127 ret = -1; 128 goto exit; 129 } 130 } 131 132exit: 133 134 if( ret != 0 ) 135 { 136 mbedtls_x509_crt_free( first ); 137 mbedtls_free( first ); 138 first = NULL; 139 } 140 141 *candidates = first; 142 return( ret ); 143} 144#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 145 146int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags ) 147{ 148 int *levels = (int *) data; 149 150 ((void) crt); 151 ((void) certificate_depth); 152 153 /* Simulate a fatal error in the callback */ 154 if( *levels & ( 1 << certificate_depth ) ) 155 { 156 *flags |= ( 1 << certificate_depth ); 157 return( -1 - certificate_depth ); 158 } 159 160 return( 0 ); 161} 162 163/* strsep() not available on Windows */ 164char *mystrsep(char **stringp, const char *delim) 165{ 166 const char *p; 167 char *ret = *stringp; 168 169 if( *stringp == NULL ) 170 return( NULL ); 171 172 for( ; ; (*stringp)++ ) 173 { 174 if( **stringp == '\0' ) 175 { 176 *stringp = NULL; 177 goto done; 178 } 179 180 for( p = delim; *p != '\0'; p++ ) 181 if( **stringp == *p ) 182 { 183 **stringp = '\0'; 184 (*stringp)++; 185 goto done; 186 } 187 } 188 189done: 190 return( ret ); 191} 192 193#if defined(MBEDTLS_X509_CRT_PARSE_C) 194typedef struct { 195 char buf[512]; 196 char *p; 197} verify_print_context; 198 199void verify_print_init( verify_print_context *ctx ) 200{ 201 memset( ctx, 0, sizeof( verify_print_context ) ); 202 ctx->p = ctx->buf; 203} 204 205int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags ) 206{ 207 int ret; 208 verify_print_context *ctx = (verify_print_context *) data; 209 char *p = ctx->p; 210 size_t n = ctx->buf + sizeof( ctx->buf ) - ctx->p; 211 ((void) flags); 212 213 ret = mbedtls_snprintf( p, n, "depth %d - serial ", certificate_depth ); 214 MBEDTLS_X509_SAFE_SNPRINTF; 215 216 ret = mbedtls_x509_serial_gets( p, n, &crt->serial ); 217 MBEDTLS_X509_SAFE_SNPRINTF; 218 219 ret = mbedtls_snprintf( p, n, " - subject " ); 220 MBEDTLS_X509_SAFE_SNPRINTF; 221 222 ret = mbedtls_x509_dn_gets( p, n, &crt->subject ); 223 MBEDTLS_X509_SAFE_SNPRINTF; 224 225 ret = mbedtls_snprintf( p, n, " - flags 0x%08x\n", *flags ); 226 MBEDTLS_X509_SAFE_SNPRINTF; 227 228 ctx->p = p; 229 230 return( 0 ); 231} 232 233int verify_parse_san( mbedtls_x509_subject_alternative_name *san, 234 char **buf, size_t *size ) 235{ 236 int ret; 237 size_t i; 238 char *p = *buf; 239 size_t n = *size; 240 241 ret = mbedtls_snprintf( p, n, "type : %d", san->type ); 242 MBEDTLS_X509_SAFE_SNPRINTF; 243 244 switch( san->type ) 245 { 246 case( MBEDTLS_X509_SAN_OTHER_NAME ): 247 ret = mbedtls_snprintf( p, n, "\notherName :"); 248 MBEDTLS_X509_SAFE_SNPRINTF; 249 250 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, 251 &san->san.other_name.value.hardware_module_name.oid ) != 0 ) 252 { 253 ret = mbedtls_snprintf( p, n, " hardware module name :" ); 254 MBEDTLS_X509_SAFE_SNPRINTF; 255 ret = mbedtls_snprintf( p, n, " hardware type : " ); 256 MBEDTLS_X509_SAFE_SNPRINTF; 257 258 ret = mbedtls_oid_get_numeric_string( p, n, 259 &san->san.other_name.value.hardware_module_name.oid ); 260 MBEDTLS_X509_SAFE_SNPRINTF; 261 262 ret = mbedtls_snprintf( p, n, ", hardware serial number : " ); 263 MBEDTLS_X509_SAFE_SNPRINTF; 264 265 if( san->san.other_name.value.hardware_module_name.val.len >= n ) 266 { 267 *p = '\0'; 268 return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); 269 } 270 271 for( i=0; i < san->san.other_name.value.hardware_module_name.val.len; i++ ) 272 { 273 *p++ = san->san.other_name.value.hardware_module_name.val.p[i]; 274 } 275 n -= san->san.other_name.value.hardware_module_name.val.len; 276 } 277 break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */ 278 case( MBEDTLS_X509_SAN_DNS_NAME ): 279 ret = mbedtls_snprintf( p, n, "\ndNSName : " ); 280 MBEDTLS_X509_SAFE_SNPRINTF; 281 if( san->san.unstructured_name.len >= n ) 282 { 283 *p = '\0'; 284 return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); 285 } 286 n -= san->san.unstructured_name.len; 287 for( i = 0; i < san->san.unstructured_name.len; i++ ) 288 *p++ = san->san.unstructured_name.p[i]; 289 break;/* MBEDTLS_X509_SAN_DNS_NAME */ 290 291 default: 292 /* 293 * Should not happen. 294 */ 295 return( -1 ); 296 } 297 ret = mbedtls_snprintf( p, n, "\n" ); 298 MBEDTLS_X509_SAFE_SNPRINTF; 299 300 *size = n; 301 *buf = p; 302 303 return( 0 ); 304} 305 306int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, 307 int critical, const unsigned char *cp, const unsigned char *end ) 308{ 309 ( void ) crt; 310 ( void ) critical; 311 mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *)p_ctx; 312 if( oid->tag == MBEDTLS_ASN1_OID && 313 MBEDTLS_OID_CMP( MBEDTLS_OID_CERTIFICATE_POLICIES, oid ) == 0 ) 314 { 315 /* Handle unknown certificate policy */ 316 int ret, parse_ret = 0; 317 size_t len; 318 unsigned char **p = (unsigned char **)&cp; 319 320 /* Get main sequence tag */ 321 ret = mbedtls_asn1_get_tag( p, end, &len, 322 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); 323 if( ret != 0 ) 324 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 325 326 if( *p + len != end ) 327 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 328 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 329 330 /* 331 * Cannot be an empty sequence. 332 */ 333 if( len == 0 ) 334 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 335 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 336 337 while( *p < end ) 338 { 339 const unsigned char *policy_end; 340 341 /* 342 * Get the policy sequence 343 */ 344 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 345 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 346 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 347 348 policy_end = *p + len; 349 350 if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, 351 MBEDTLS_ASN1_OID ) ) != 0 ) 352 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 353 354 /* 355 * Recognize exclusively the policy with OID 1 356 */ 357 if( len != 1 || *p[0] != 1 ) 358 parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; 359 360 *p += len; 361 362 /* 363 * If there is an optional qualifier, then *p < policy_end 364 * Check the Qualifier len to verify it doesn't exceed policy_end. 365 */ 366 if( *p < policy_end ) 367 { 368 if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, 369 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 370 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 371 /* 372 * Skip the optional policy qualifiers. 373 */ 374 *p += len; 375 } 376 377 if( *p != policy_end ) 378 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 379 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 380 } 381 382 if( *p != end ) 383 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 384 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 385 386 return( parse_ret ); 387 } 388 else if( new_oid != NULL && new_oid->tag == oid->tag && new_oid->len == oid->len && 389 memcmp( new_oid->p, oid->p, oid->len ) == 0 ) 390 return( 0 ); 391 else 392 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 393 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); 394} 395#endif /* MBEDTLS_X509_CRT_PARSE_C */ 396/* END_HEADER */ 397 398/* BEGIN_DEPENDENCIES 399 * depends_on:MBEDTLS_BIGNUM_C 400 * END_DEPENDENCIES 401 */ 402 403/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 404void x509_parse_san( char * crt_file, char * result_str ) 405{ 406 int ret; 407 mbedtls_x509_crt crt; 408 mbedtls_x509_subject_alternative_name san; 409 mbedtls_x509_sequence *cur = NULL; 410 char buf[2000]; 411 char *p = buf; 412 size_t n = sizeof( buf ); 413 414 mbedtls_x509_crt_init( &crt ); 415 memset( buf, 0, 2000 ); 416 417 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 418 419 if( crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) 420 { 421 cur = &crt.subject_alt_names; 422 while( cur != NULL ) 423 { 424 ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san ); 425 TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); 426 /* 427 * If san type not supported, ignore. 428 */ 429 if( ret == 0) 430 TEST_ASSERT( verify_parse_san( &san, &p, &n ) == 0 ); 431 cur = cur->next; 432 } 433 } 434 435 TEST_ASSERT( strcmp( buf, result_str ) == 0 ); 436 437exit: 438 439 mbedtls_x509_crt_free( &crt ); 440} 441/* END_CASE */ 442 443/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_X509_CRT_PARSE_C */ 444void x509_cert_info( char * crt_file, char * result_str ) 445{ 446 mbedtls_x509_crt crt; 447 char buf[2000]; 448 int res; 449 450 mbedtls_x509_crt_init( &crt ); 451 memset( buf, 0, 2000 ); 452 453 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 454 res = mbedtls_x509_crt_info( buf, 2000, "", &crt ); 455 456 TEST_ASSERT( res != -1 ); 457 TEST_ASSERT( res != -2 ); 458 459 TEST_ASSERT( strcmp( buf, result_str ) == 0 ); 460 461exit: 462 mbedtls_x509_crt_free( &crt ); 463} 464/* END_CASE */ 465 466/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ 467void mbedtls_x509_crl_info( char * crl_file, char * result_str ) 468{ 469 mbedtls_x509_crl crl; 470 char buf[2000]; 471 int res; 472 473 mbedtls_x509_crl_init( &crl ); 474 memset( buf, 0, 2000 ); 475 476 TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 ); 477 res = mbedtls_x509_crl_info( buf, 2000, "", &crl ); 478 479 TEST_ASSERT( res != -1 ); 480 TEST_ASSERT( res != -2 ); 481 482 TEST_ASSERT( strcmp( buf, result_str ) == 0 ); 483 484exit: 485 mbedtls_x509_crl_free( &crl ); 486} 487/* END_CASE */ 488 489/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */ 490void mbedtls_x509_crl_parse( char * crl_file, int result ) 491{ 492 mbedtls_x509_crl crl; 493 char buf[2000]; 494 495 mbedtls_x509_crl_init( &crl ); 496 memset( buf, 0, 2000 ); 497 498 TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == result ); 499 500exit: 501 mbedtls_x509_crl_free( &crl ); 502} 503/* END_CASE */ 504 505/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ 506void mbedtls_x509_csr_info( char * csr_file, char * result_str ) 507{ 508 mbedtls_x509_csr csr; 509 char buf[2000]; 510 int res; 511 512 mbedtls_x509_csr_init( &csr ); 513 memset( buf, 0, 2000 ); 514 515 TEST_ASSERT( mbedtls_x509_csr_parse_file( &csr, csr_file ) == 0 ); 516 res = mbedtls_x509_csr_info( buf, 2000, "", &csr ); 517 518 TEST_ASSERT( res != -1 ); 519 TEST_ASSERT( res != -2 ); 520 521 TEST_ASSERT( strcmp( buf, result_str ) == 0 ); 522 523exit: 524 mbedtls_x509_csr_free( &csr ); 525} 526/* END_CASE */ 527 528/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ 529void x509_verify_info( int flags, char * prefix, char * result_str ) 530{ 531 char buf[2000]; 532 int res; 533 534 memset( buf, 0, sizeof( buf ) ); 535 536 res = mbedtls_x509_crt_verify_info( buf, sizeof( buf ), prefix, flags ); 537 538 TEST_ASSERT( res >= 0 ); 539 540 TEST_ASSERT( strcmp( buf, result_str ) == 0 ); 541} 542/* END_CASE */ 543 544/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */ 545void x509_verify_restart( char *crt_file, char *ca_file, 546 int result, int flags_result, 547 int max_ops, int min_restart, int max_restart ) 548{ 549 int ret, cnt_restart; 550 mbedtls_x509_crt_restart_ctx rs_ctx; 551 mbedtls_x509_crt crt; 552 mbedtls_x509_crt ca; 553 uint32_t flags = 0; 554 555 /* 556 * See comments on ecp_test_vect_restart() for op count precision. 557 * 558 * For reference, with mbed TLS 2.6 and default settings: 559 * - ecdsa_verify() for P-256: ~ 6700 560 * - ecdsa_verify() for P-384: ~ 18800 561 * - x509_verify() for server5 -> test-ca2: ~ 18800 562 * - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500 563 */ 564 565 mbedtls_x509_crt_restart_init( &rs_ctx ); 566 mbedtls_x509_crt_init( &crt ); 567 mbedtls_x509_crt_init( &ca ); 568 569 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 570 TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 ); 571 572 mbedtls_ecp_set_max_ops( max_ops ); 573 574 cnt_restart = 0; 575 do { 576 ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL, 577 &mbedtls_x509_crt_profile_default, NULL, &flags, 578 NULL, NULL, &rs_ctx ); 579 } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); 580 581 TEST_ASSERT( ret == result ); 582 TEST_ASSERT( flags == (uint32_t) flags_result ); 583 584 TEST_ASSERT( cnt_restart >= min_restart ); 585 TEST_ASSERT( cnt_restart <= max_restart ); 586 587 /* Do we leak memory when aborting? */ 588 ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL, 589 &mbedtls_x509_crt_profile_default, NULL, &flags, 590 NULL, NULL, &rs_ctx ); 591 TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); 592 593exit: 594 mbedtls_x509_crt_restart_free( &rs_ctx ); 595 mbedtls_x509_crt_free( &crt ); 596 mbedtls_x509_crt_free( &ca ); 597} 598/* END_CASE */ 599 600/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */ 601void x509_verify( char *crt_file, char *ca_file, char *crl_file, 602 char *cn_name_str, int result, int flags_result, 603 char *profile_str, 604 char *verify_callback ) 605{ 606 mbedtls_x509_crt crt; 607 mbedtls_x509_crt ca; 608 mbedtls_x509_crl crl; 609 uint32_t flags = 0; 610 int res; 611 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL; 612 char * cn_name = NULL; 613 const mbedtls_x509_crt_profile *profile; 614 615 mbedtls_x509_crt_init( &crt ); 616 mbedtls_x509_crt_init( &ca ); 617 mbedtls_x509_crl_init( &crl ); 618 619 USE_PSA_INIT( ); 620 621 if( strcmp( cn_name_str, "NULL" ) != 0 ) 622 cn_name = cn_name_str; 623 624 if( strcmp( profile_str, "" ) == 0 ) 625 profile = &mbedtls_x509_crt_profile_default; 626 else if( strcmp( profile_str, "next" ) == 0 ) 627 profile = &mbedtls_x509_crt_profile_next; 628 else if( strcmp( profile_str, "suite_b" ) == 0 ) 629 profile = &mbedtls_x509_crt_profile_suiteb; 630 else if( strcmp( profile_str, "compat" ) == 0 ) 631 profile = &compat_profile; 632 else if( strcmp( profile_str, "all" ) == 0 ) 633 profile = &profile_all; 634 else 635 TEST_ASSERT( "Unknown algorithm profile" == 0 ); 636 637 if( strcmp( verify_callback, "NULL" ) == 0 ) 638 f_vrfy = NULL; 639 else if( strcmp( verify_callback, "verify_none" ) == 0 ) 640 f_vrfy = verify_none; 641 else if( strcmp( verify_callback, "verify_all" ) == 0 ) 642 f_vrfy = verify_all; 643 else 644 TEST_ASSERT( "No known verify callback selected" == 0 ); 645 646 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 647 TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 ); 648 TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 ); 649 650 res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL ); 651 652 TEST_ASSERT( res == ( result ) ); 653 TEST_ASSERT( flags == (uint32_t)( flags_result ) ); 654 655#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 656 /* CRLs aren't supported with CA callbacks, so skip the CA callback 657 * version of the test if CRLs are in use. */ 658 if( crl_file == NULL || strcmp( crl_file, "" ) == 0 ) 659 { 660 flags = 0; 661 662 res = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback, &ca, profile, cn_name, &flags, f_vrfy, NULL ); 663 664 TEST_ASSERT( res == ( result ) ); 665 TEST_ASSERT( flags == (uint32_t)( flags_result ) ); 666 } 667#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 668exit: 669 mbedtls_x509_crt_free( &crt ); 670 mbedtls_x509_crt_free( &ca ); 671 mbedtls_x509_crl_free( &crl ); 672 USE_PSA_DONE( ); 673} 674/* END_CASE */ 675 676/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 677void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name, 678 int exp_ret ) 679{ 680 int ret; 681 mbedtls_x509_crt crt; 682 mbedtls_x509_crt ca; 683 uint32_t flags = 0; 684 685 mbedtls_x509_crt_init( &crt ); 686 mbedtls_x509_crt_init( &ca ); 687 688 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 689 TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 ); 690 691 if( strcmp( name, "NULL" ) == 0 ) 692 name = NULL; 693 694 ret = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback_fail, &ca, 695 &compat_profile, name, &flags, 696 NULL, NULL ); 697 698 TEST_ASSERT( ret == exp_ret ); 699 TEST_ASSERT( flags == (uint32_t)( -1 ) ); 700exit: 701 mbedtls_x509_crt_free( &crt ); 702 mbedtls_x509_crt_free( &ca ); 703} 704/* END_CASE */ 705 706/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 707void x509_verify_callback( char *crt_file, char *ca_file, char *name, 708 int exp_ret, char *exp_vrfy_out ) 709{ 710 int ret; 711 mbedtls_x509_crt crt; 712 mbedtls_x509_crt ca; 713 uint32_t flags = 0; 714 verify_print_context vrfy_ctx; 715 716 mbedtls_x509_crt_init( &crt ); 717 mbedtls_x509_crt_init( &ca ); 718 verify_print_init( &vrfy_ctx ); 719 720 USE_PSA_INIT( ); 721 722 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 723 TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 ); 724 725 if( strcmp( name, "NULL" ) == 0 ) 726 name = NULL; 727 728 ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL, 729 &compat_profile, 730 name, &flags, 731 verify_print, &vrfy_ctx ); 732 733 TEST_ASSERT( ret == exp_ret ); 734 TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 ); 735 736exit: 737 mbedtls_x509_crt_free( &crt ); 738 mbedtls_x509_crt_free( &ca ); 739 USE_PSA_DONE( ); 740} 741/* END_CASE */ 742 743/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ 744void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str ) 745{ 746 mbedtls_x509_crt crt; 747 char buf[2000]; 748 int res = 0; 749 750 mbedtls_x509_crt_init( &crt ); 751 memset( buf, 0, 2000 ); 752 753 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 754 if( strcmp( entity, "subject" ) == 0 ) 755 res = mbedtls_x509_dn_gets( buf, 2000, &crt.subject ); 756 else if( strcmp( entity, "issuer" ) == 0 ) 757 res = mbedtls_x509_dn_gets( buf, 2000, &crt.issuer ); 758 else 759 TEST_ASSERT( "Unknown entity" == 0 ); 760 761 TEST_ASSERT( res != -1 ); 762 TEST_ASSERT( res != -2 ); 763 764 TEST_ASSERT( strcmp( buf, result_str ) == 0 ); 765 766exit: 767 mbedtls_x509_crt_free( &crt ); 768} 769/* END_CASE */ 770 771/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 772void mbedtls_x509_time_is_past( char * crt_file, char * entity, int result ) 773{ 774 mbedtls_x509_crt crt; 775 776 mbedtls_x509_crt_init( &crt ); 777 778 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 779 780 if( strcmp( entity, "valid_from" ) == 0 ) 781 TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_from ) == result ); 782 else if( strcmp( entity, "valid_to" ) == 0 ) 783 TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_to ) == result ); 784 else 785 TEST_ASSERT( "Unknown entity" == 0 ); 786 787exit: 788 mbedtls_x509_crt_free( &crt ); 789} 790/* END_CASE */ 791 792/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 793void mbedtls_x509_time_is_future( char * crt_file, char * entity, int result ) 794{ 795 mbedtls_x509_crt crt; 796 797 mbedtls_x509_crt_init( &crt ); 798 799 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 800 801 if( strcmp( entity, "valid_from" ) == 0 ) 802 TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_from ) == result ); 803 else if( strcmp( entity, "valid_to" ) == 0 ) 804 TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_to ) == result ); 805 else 806 TEST_ASSERT( "Unknown entity" == 0 ); 807 808exit: 809 mbedtls_x509_crt_free( &crt ); 810} 811/* END_CASE */ 812 813/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ 814void x509parse_crt_file( char * crt_file, int result ) 815{ 816 mbedtls_x509_crt crt; 817 818 mbedtls_x509_crt_init( &crt ); 819 820 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == result ); 821 822exit: 823 mbedtls_x509_crt_free( &crt ); 824} 825/* END_CASE */ 826 827/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ 828void x509parse_crt( data_t * buf, char * result_str, int result ) 829{ 830 mbedtls_x509_crt crt; 831#if !defined(MBEDTLS_X509_REMOVE_INFO) 832 unsigned char output[2000] = { 0 }; 833 int res; 834#else 835 ((void) result_str); 836#endif 837 838 mbedtls_x509_crt_init( &crt ); 839 840 TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) ); 841#if !defined(MBEDTLS_X509_REMOVE_INFO) 842 if( ( result ) == 0 ) 843 { 844 res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); 845 TEST_ASSERT( res != -1 ); 846 TEST_ASSERT( res != -2 ); 847 848 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); 849 } 850 memset( output, 0, 2000 ); 851#endif 852 853 mbedtls_x509_crt_free( &crt ); 854 mbedtls_x509_crt_init( &crt ); 855 856 TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) ); 857#if !defined(MBEDTLS_X509_REMOVE_INFO) 858 if( ( result ) == 0 ) 859 { 860 memset( output, 0, 2000 ); 861 862 res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); 863 864 TEST_ASSERT( res != -1 ); 865 TEST_ASSERT( res != -2 ); 866 867 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); 868 } 869 memset( output, 0, 2000 ); 870#endif /* !MBEDTLS_X509_REMOVE_INFO */ 871 872 mbedtls_x509_crt_free( &crt ); 873 mbedtls_x509_crt_init( &crt ); 874 875 TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, NULL, NULL ) == ( result ) ); 876#if !defined(MBEDTLS_X509_REMOVE_INFO) 877 if( ( result ) == 0 ) 878 { 879 res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); 880 881 TEST_ASSERT( res != -1 ); 882 TEST_ASSERT( res != -2 ); 883 884 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); 885 } 886 memset( output, 0, 2000 ); 887#endif /* !MBEDTLS_X509_REMOVE_INFO */ 888 889 mbedtls_x509_crt_free( &crt ); 890 mbedtls_x509_crt_init( &crt ); 891 892 TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, NULL, NULL ) == ( result ) ); 893#if !defined(MBEDTLS_X509_REMOVE_INFO) 894 if( ( result ) == 0 ) 895 { 896 res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); 897 898 TEST_ASSERT( res != -1 ); 899 TEST_ASSERT( res != -2 ); 900 901 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); 902 } 903#endif /* !MBEDTLS_X509_REMOVE_INFO */ 904 905exit: 906 mbedtls_x509_crt_free( &crt ); 907} 908/* END_CASE */ 909 910/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ 911void x509parse_crt_cb( data_t * buf, char * result_str, int result ) 912{ 913 mbedtls_x509_crt crt; 914 mbedtls_x509_buf oid; 915 916#if !defined(MBEDTLS_X509_REMOVE_INFO) 917 unsigned char output[2000] = { 0 }; 918 int res; 919#else 920 ((void) result_str); 921#endif 922 923 oid.tag = MBEDTLS_ASN1_OID; 924 oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKIX "\x01\x1F"); 925 oid.p = (unsigned char *)MBEDTLS_OID_PKIX "\x01\x1F"; 926 927 mbedtls_x509_crt_init( &crt ); 928 929 TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb, &oid ) == ( result ) ); 930#if !defined(MBEDTLS_X509_REMOVE_INFO) 931 if( ( result ) == 0 ) 932 { 933 res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); 934 935 TEST_ASSERT( res != -1 ); 936 TEST_ASSERT( res != -2 ); 937 938 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); 939 } 940 memset( output, 0, 2000 ); 941#endif /* !MBEDTLS_X509_REMOVE_INFO */ 942 943 mbedtls_x509_crt_free( &crt ); 944 mbedtls_x509_crt_init( &crt ); 945 946 TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb, &oid ) == ( result ) ); 947#if !defined(MBEDTLS_X509_REMOVE_INFO) 948 if( ( result ) == 0 ) 949 { 950 res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); 951 952 TEST_ASSERT( res != -1 ); 953 TEST_ASSERT( res != -2 ); 954 955 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); 956 } 957#endif /* !MBEDTLS_X509_REMOVE_INFO */ 958 959exit: 960 mbedtls_x509_crt_free( &crt ); 961} 962/* END_CASE */ 963 964/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ 965void x509parse_crl( data_t * buf, char * result_str, int result ) 966{ 967 mbedtls_x509_crl crl; 968 unsigned char output[2000]; 969 int res; 970 971 mbedtls_x509_crl_init( &crl ); 972 memset( output, 0, 2000 ); 973 974 975 TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf->x, buf->len ) == ( result ) ); 976 if( ( result ) == 0 ) 977 { 978 res = mbedtls_x509_crl_info( (char *) output, 2000, "", &crl ); 979 980 TEST_ASSERT( res != -1 ); 981 TEST_ASSERT( res != -2 ); 982 983 TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); 984 } 985 986exit: 987 mbedtls_x509_crl_free( &crl ); 988} 989/* END_CASE */ 990 991/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ 992void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret ) 993{ 994 mbedtls_x509_csr csr; 995 char my_out[1000]; 996 int my_ret; 997 998 mbedtls_x509_csr_init( &csr ); 999 memset( my_out, 0, sizeof( my_out ) ); 1000 1001 my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der->x, csr_der->len ); 1002 TEST_ASSERT( my_ret == ref_ret ); 1003 1004 if( ref_ret == 0 ) 1005 { 1006 size_t my_out_len = mbedtls_x509_csr_info( my_out, sizeof( my_out ), "", &csr ); 1007 TEST_ASSERT( my_out_len == strlen( ref_out ) ); 1008 TEST_ASSERT( strcmp( my_out, ref_out ) == 0 ); 1009 } 1010 1011exit: 1012 mbedtls_x509_csr_free( &csr ); 1013} 1014/* END_CASE */ 1015 1016/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 1017void mbedtls_x509_crt_parse_path( char * crt_path, int ret, int nb_crt ) 1018{ 1019 mbedtls_x509_crt chain, *cur; 1020 int i; 1021 1022 mbedtls_x509_crt_init( &chain ); 1023 1024 TEST_ASSERT( mbedtls_x509_crt_parse_path( &chain, crt_path ) == ret ); 1025 1026 /* Check how many certs we got */ 1027 for( i = 0, cur = &chain; cur != NULL; cur = cur->next ) 1028 if( cur->raw.p != NULL ) 1029 i++; 1030 1031 TEST_ASSERT( i == nb_crt ); 1032 1033exit: 1034 mbedtls_x509_crt_free( &chain ); 1035} 1036/* END_CASE */ 1037 1038/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 1039void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int, 1040 int ret_chk, int flags_chk ) 1041{ 1042 char file_buf[128]; 1043 int ret; 1044 uint32_t flags; 1045 mbedtls_x509_crt trusted, chain; 1046 1047 /* 1048 * We expect chain_dir to contain certificates 00.crt, 01.crt, etc. 1049 * with NN.crt signed by NN-1.crt 1050 */ 1051 1052 mbedtls_x509_crt_init( &trusted ); 1053 mbedtls_x509_crt_init( &chain ); 1054 1055 USE_PSA_INIT( ); 1056 1057 /* Load trusted root */ 1058 TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, ca_file ) == 0 ); 1059 1060 /* Load a chain with nb_int intermediates (from 01 to nb_int), 1061 * plus one "end-entity" cert (nb_int + 1) */ 1062 ret = mbedtls_snprintf( file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir, 1063 nb_int + 1 ); 1064 TEST_ASSERT( ret > 0 && (size_t) ret < sizeof file_buf ); 1065 TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, file_buf ) == 0 ); 1066 1067 /* Try to verify that chain */ 1068 ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags, 1069 NULL, NULL ); 1070 TEST_ASSERT( ret == ret_chk ); 1071 TEST_ASSERT( flags == (uint32_t) flags_chk ); 1072 1073exit: 1074 mbedtls_x509_crt_free( &chain ); 1075 mbedtls_x509_crt_free( &trusted ); 1076 USE_PSA_DONE( ); 1077} 1078/* END_CASE */ 1079 1080/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 1081void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, 1082 int flags_result, int result, 1083 char *profile_name, int vrfy_fatal_lvls ) 1084{ 1085 char* act; 1086 uint32_t flags; 1087 int res; 1088 mbedtls_x509_crt trusted, chain; 1089 const mbedtls_x509_crt_profile *profile = NULL; 1090 1091 mbedtls_x509_crt_init( &chain ); 1092 mbedtls_x509_crt_init( &trusted ); 1093 1094 USE_PSA_INIT( ); 1095 1096 while( ( act = mystrsep( &chain_paths, " " ) ) != NULL ) 1097 TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, act ) == 0 ); 1098 TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 ); 1099 1100 if( strcmp( profile_name, "" ) == 0 ) 1101 profile = &mbedtls_x509_crt_profile_default; 1102 else if( strcmp( profile_name, "next" ) == 0 ) 1103 profile = &mbedtls_x509_crt_profile_next; 1104 else if( strcmp( profile_name, "suiteb" ) == 0 ) 1105 profile = &mbedtls_x509_crt_profile_suiteb; 1106 else if( strcmp( profile_name, "rsa3072" ) == 0 ) 1107 profile = &profile_rsa3072; 1108 else if( strcmp( profile_name, "sha512" ) == 0 ) 1109 profile = &profile_sha512; 1110 1111 res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile, 1112 NULL, &flags, verify_fatal, &vrfy_fatal_lvls ); 1113 1114 TEST_ASSERT( res == ( result ) ); 1115 TEST_ASSERT( flags == (uint32_t)( flags_result ) ); 1116 1117exit: 1118 mbedtls_x509_crt_free( &trusted ); 1119 mbedtls_x509_crt_free( &chain ); 1120 USE_PSA_DONE( ); 1121} 1122/* END_CASE */ 1123 1124/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C:!MBEDTLS_X509_REMOVE_INFO */ 1125void x509_oid_desc( data_t * buf, char * ref_desc ) 1126{ 1127 mbedtls_x509_buf oid; 1128 const char *desc = NULL; 1129 int ret; 1130 1131 1132 oid.tag = MBEDTLS_ASN1_OID; 1133 oid.p = buf->x; 1134 oid.len = buf->len; 1135 1136 ret = mbedtls_oid_get_extended_key_usage( &oid, &desc ); 1137 1138 if( strcmp( ref_desc, "notfound" ) == 0 ) 1139 { 1140 TEST_ASSERT( ret != 0 ); 1141 TEST_ASSERT( desc == NULL ); 1142 } 1143 else 1144 { 1145 TEST_ASSERT( ret == 0 ); 1146 TEST_ASSERT( desc != NULL ); 1147 TEST_ASSERT( strcmp( desc, ref_desc ) == 0 ); 1148 } 1149} 1150/* END_CASE */ 1151 1152/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ 1153void x509_oid_numstr( data_t * oid_buf, char * numstr, int blen, int ret ) 1154{ 1155 mbedtls_x509_buf oid; 1156 char num_buf[100]; 1157 1158 memset( num_buf, 0x2a, sizeof num_buf ); 1159 1160 oid.tag = MBEDTLS_ASN1_OID; 1161 oid.p = oid_buf->x; 1162 oid.len = oid_buf->len; 1163 1164 TEST_ASSERT( (size_t) blen <= sizeof num_buf ); 1165 1166 TEST_ASSERT( mbedtls_oid_get_numeric_string( num_buf, blen, &oid ) == ret ); 1167 1168 if( ret >= 0 ) 1169 { 1170 TEST_ASSERT( num_buf[ret] == 0 ); 1171 TEST_ASSERT( strcmp( num_buf, numstr ) == 0 ); 1172 } 1173} 1174/* END_CASE */ 1175 1176/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 1177void x509_check_key_usage( char * crt_file, int usage, int ret ) 1178{ 1179 mbedtls_x509_crt crt; 1180 1181 mbedtls_x509_crt_init( &crt ); 1182 1183 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 1184 1185 TEST_ASSERT( mbedtls_x509_crt_check_key_usage( &crt, usage ) == ret ); 1186 1187exit: 1188 mbedtls_x509_crt_free( &crt ); 1189} 1190/* END_CASE */ 1191 1192/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 1193void x509_check_extended_key_usage( char * crt_file, data_t * oid, int ret 1194 ) 1195{ 1196 mbedtls_x509_crt crt; 1197 1198 mbedtls_x509_crt_init( &crt ); 1199 1200 1201 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); 1202 1203 TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, (const char *)oid->x, oid->len ) == ret ); 1204 1205exit: 1206 mbedtls_x509_crt_free( &crt ); 1207} 1208/* END_CASE */ 1209 1210/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ 1211void x509_get_time( int tag, char * time_str, int ret, int year, int mon, 1212 int day, int hour, int min, int sec ) 1213{ 1214 mbedtls_x509_time time; 1215 unsigned char buf[21]; 1216 unsigned char* start = buf; 1217 unsigned char* end = buf; 1218 1219 memset( &time, 0x00, sizeof( time ) ); 1220 *end = (unsigned char)tag; end++; 1221 *end = strlen( time_str ); 1222 TEST_ASSERT( *end < 20 ); 1223 end++; 1224 memcpy( end, time_str, (size_t)*(end - 1) ); 1225 end += *(end - 1); 1226 1227 TEST_ASSERT( mbedtls_x509_get_time( &start, end, &time ) == ret ); 1228 if( ret == 0 ) 1229 { 1230 TEST_ASSERT( year == time.year ); 1231 TEST_ASSERT( mon == time.mon ); 1232 TEST_ASSERT( day == time.day ); 1233 TEST_ASSERT( hour == time.hour ); 1234 TEST_ASSERT( min == time.min ); 1235 TEST_ASSERT( sec == time.sec ); 1236 } 1237} 1238/* END_CASE */ 1239 1240/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */ 1241void x509_parse_rsassa_pss_params( data_t * params, int params_tag, 1242 int ref_msg_md, int ref_mgf_md, 1243 int ref_salt_len, int ref_ret ) 1244{ 1245 int my_ret; 1246 mbedtls_x509_buf buf; 1247 mbedtls_md_type_t my_msg_md, my_mgf_md; 1248 int my_salt_len; 1249 1250 buf.p = params->x; 1251 buf.len = params->len; 1252 buf.tag = params_tag; 1253 1254 my_ret = mbedtls_x509_get_rsassa_pss_params( &buf, &my_msg_md, &my_mgf_md, 1255 &my_salt_len ); 1256 1257 TEST_ASSERT( my_ret == ref_ret ); 1258 1259 if( ref_ret == 0 ) 1260 { 1261 TEST_ASSERT( my_msg_md == (mbedtls_md_type_t) ref_msg_md ); 1262 TEST_ASSERT( my_mgf_md == (mbedtls_md_type_t) ref_mgf_md ); 1263 TEST_ASSERT( my_salt_len == ref_salt_len ); 1264 } 1265 1266exit: 1267 ;; 1268} 1269/* END_CASE */ 1270