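/* BEGIN_HEADER */
#include "mbedtls/bignum.h"
#include "mbedtls/x509.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_crl.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
#include "mbedtls/base64.h"
#include "mbedtls/error.h"
#include "mbedtls/pk.h"
#include "string.h"

/* The chain-length test data only covers up to 19 intermediates, and the
 * helper callbacks below (see verify_fatal) shift by the certificate depth,
 * so keep the compile-time bound in sync with the generated test data. */
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_CA is larger \
        than the current threshold 19. To test larger values, please \
        adapt the script tests/data_files/dir-max/long.sh."
#endif

/* Test-only profile allowing all digests, PK algorithms, and curves.
 * It exists so that tests can exercise certificates the default profile
 * would reject; it is not a suitable profile for real verification. */
const mbedtls_x509_crt_profile profile_all =
{
    0xFFFFFFFF, /* Any MD */
    0xFFFFFFFF, /* Any PK alg */
    0xFFFFFFFF, /* Any curve */
    1024,       /* Minimum RSA key size (bits) */
};

/* Profile for backward compatibility. Allows SHA-1, unlike the default
   profile. */
const mbedtls_x509_crt_profile compat_profile =
{
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1) |
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_RIPEMD160) |
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA224) |
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
    0xFFFFFFFF, /* Any PK alg */
    0xFFFFFFFF, /* Any curve */
    1024,       /* Minimum RSA key size (bits) */
};

/* Strict profile: SHA-2 only, RSA only, no curves, RSA keys >= 3072 bits. */
const mbedtls_x509_crt_profile profile_rsa3072 =
{
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
    MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_RSA),
    0,          /* No curve allowed */
    3072,       /* Minimum RSA key size (bits) */
};

/* Profile accepting only SHA-512 signatures, any key type. */
const mbedtls_x509_crt_profile profile_sha512 =
{
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
    0xFFFFFFFF, /* Any PK alg */
    0xFFFFFFFF, /* Any curve */
    1024,       /* Minimum RSA key size (bits) */
};

/* Verification callback that marks every certificate as bad.
 *
 * Sets MBEDTLS_X509_BADCERT_OTHER on every certificate in the chain so the
 * overall verification fails regardless of the chain's real status. */
int verify_none(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
{
    ((void) data);
    ((void) crt);
    ((void) certificate_depth);
    *flags |= MBEDTLS_X509_BADCERT_OTHER;

    return 0;
}

/* Verification callback that clears every flag (test-only).
 *
 * This forces verification to succeed whatever the library found; it
 * exists only so tests can check that the callback's result is honoured. */
int verify_all(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
{
    ((void) data);
    ((void) crt);
    ((void) certificate_depth);
    *flags = 0;

    return 0;
}

#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/* Trusted-certificate callback that always fails (returns -1) and never
 * produces candidates. */
int ca_callback_fail(void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates)
{
    ((void) data);
    ((void) child);
    ((void) candidates);

    return -1;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/* Trusted-certificate callback returning a copy of the whole CA list.
 *
 * data is the head of a mbedtls_x509_crt list of trusted certificates.
 * Every certificate in that list is re-parsed from its DER encoding into a
 * freshly allocated chain which is returned through *candidates. On any
 * failure the partial chain is released, *candidates is NULL and -1 is
 * returned. On success the allocated chain is handed to the caller
 * (presumably released by the verifier after use). */
int ca_callback(void *data, mbedtls_x509_crt const *child,
                mbedtls_x509_crt **candidates)
{
    int ret = 0;
    mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
    mbedtls_x509_crt *first;

    /* This is a test-only implementation of the CA callback
     * which always returns the entire list of trusted certificates.
     * Production implementations managing a large number of CAs
     * should use an efficient presentation and lookup for the
     * set of trusted certificates (such as a hashtable) and only
     * return those trusted certificates which satisfy basic
     * parental checks, such as the matching of child `Issuer`
     * and parent `Subject` field. */
    ((void) child);

    first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
    if (first == NULL) {
        ret = -1;
        goto exit;
    }
    mbedtls_x509_crt_init(first);

    /* Re-parsing the DER copy (rather than aliasing the caller's structs)
     * gives the returned chain its own lifetime. */
    if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
        ret = -1;
        goto exit;
    }

    while (ca->next != NULL) {
        ca = ca->next;
        if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
            ret = -1;
            goto exit;
        }
    }

exit:

    if (ret != 0) {
        mbedtls_x509_crt_free(first);
        mbedtls_free(first);
        first = NULL;
    }

    *candidates = first;
    return ret;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */

/* Verification callback that simulates a fatal error at selected depths.
 *
 * data points to an int bitmask: if bit `certificate_depth` is set, the
 * matching bit is also set in *flags and a negative, depth-specific code
 * (-1 - depth) is returned so the test can tell which level aborted.
 * The shift is safe because the depth is bounded by
 * MBEDTLS_X509_MAX_INTERMEDIATE_CA, checked to be <= 19 above. */
int verify_fatal(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
{
    int *levels = (int *) data;

    ((void) crt);

    /* Simulate a fatal error in the callback */
    if (*levels & (1 << certificate_depth)) {
        *flags |= (1 << certificate_depth);
        return -1 - certificate_depth;
    }

    return 0;
}

/* strsep() not available on Windows.
 *
 * Splits *stringp at the first character found in delim: that character
 * is overwritten with '\0', *stringp is advanced past it and the token is
 * returned. When no delimiter remains, *stringp is set to NULL and the
 * final token is returned. Returns NULL once *stringp is NULL. */
char *mystrsep(char **stringp, const char *delim)
{
    const char *p;
    char *ret = *stringp;

    if (*stringp == NULL) {
        return NULL;
    }

    for (;; (*stringp)++) {
        if (**stringp == '\0') {
            *stringp = NULL;
            goto done;
        }

        for (p = delim; *p != '\0'; p++) {
            if (**stringp == *p) {
                **stringp = '\0';
                (*stringp)++;
                goto done;
            }
        }
    }

done:
    return ret;
}

#if defined(MBEDTLS_X509_CRT_PARSE_C)
/* Accumulates the text produced by verify_print() across callback
 * invocations; p is the current write position inside buf. */
typedef struct {
    char buf[512];
    char *p;
} verify_print_context;

/* Reset the context: empty buffer, write position at its start. */
void verify_print_init(verify_print_context *ctx)
{
    memset(ctx, 0, sizeof(verify_print_context));
    ctx->p = ctx->buf;
}

/* Verification callback that appends one line per certificate
 * ("depth N - serial ... - subject ... - flags 0x...") to the
 * verify_print_context passed as data. It never alters *flags.
 * MBEDTLS_X509_SAFE_SNPRINTF advances p/n after each write and
 * returns early when the buffer is exhausted. */
int verify_print(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
{
    int ret;
    verify_print_context *ctx = (verify_print_context *) data;
    char *p = ctx->p;
    size_t n = ctx->buf + sizeof(ctx->buf) - ctx->p;

    ret = mbedtls_snprintf(p, n, "depth %d - serial ", certificate_depth);
    MBEDTLS_X509_SAFE_SNPRINTF;

    ret = mbedtls_x509_serial_gets(p, n, &crt->serial);
    MBEDTLS_X509_SAFE_SNPRINTF;

    ret = mbedtls_snprintf(p, n, " - subject ");
    MBEDTLS_X509_SAFE_SNPRINTF;

    ret = mbedtls_x509_dn_gets(p, n, &crt->subject);
    MBEDTLS_X509_SAFE_SNPRINTF;

    /* Cast so the argument matches %x exactly, whatever uint32_t is. */
    ret = mbedtls_snprintf(p, n, " - flags 0x%08x\n", (unsigned int) *flags);
    MBEDTLS_X509_SAFE_SNPRINTF;

    ctx->p = p;

    return 0;
}

/* Append len raw bytes of an unstructured SAN value (dNSName, rfc822Name)
 * at *p, advancing *p and shrinking *n. At least one byte is always left
 * so the caller can still write a terminator. On overflow the output is
 * terminated in place and MBEDTLS_ERR_X509_BUFFER_TOO_SMALL is returned. */
static int append_san_bytes(const void *src, size_t len, char **p, size_t *n)
{
    if (len >= *n) {
        **p = '\0';
        return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
    }
    memcpy(*p, src, len);
    *p += len;
    *n -= len;
    return 0;
}

/* Render one parsed subjectAltName entry as text at *buf and advance
 * *buf / *size past what was written.
 *
 * Returns 0 on success, MBEDTLS_ERR_X509_BUFFER_TOO_SMALL if the output
 * does not fit, a negative mbedtls_x509_dn_gets() error for a bad
 * directoryName, or -1 for a SAN type this printer does not handle. */
int verify_parse_san(mbedtls_x509_subject_alternative_name *san,
                     char **buf, size_t *size)
{
    int ret;
    size_t i;
    char *p = *buf;
    size_t n = *size;

    ret = mbedtls_snprintf(p, n, "type : %d", san->type);
    MBEDTLS_X509_SAFE_SNPRINTF;

    switch (san->type) {
        case (MBEDTLS_X509_SAN_OTHER_NAME):
            ret = mbedtls_snprintf(p, n, "\notherName :");
            MBEDTLS_X509_SAFE_SNPRINTF;

            /* Only the HardwareModuleName form of otherName is printed. */
            if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
                                &san->san.other_name.type_id) == 0) {
                ret = mbedtls_snprintf(p, n, " hardware module name :");
                MBEDTLS_X509_SAFE_SNPRINTF;
                ret = mbedtls_snprintf(p, n, " hardware type : ");
                MBEDTLS_X509_SAFE_SNPRINTF;

                ret = mbedtls_oid_get_numeric_string(p,
                                                     n,
                                                     &san->san.other_name.value.hardware_module_name.oid);
                MBEDTLS_X509_SAFE_SNPRINTF;

                ret = mbedtls_snprintf(p, n, ", hardware serial number : ");
                MBEDTLS_X509_SAFE_SNPRINTF;

                /* Serial number is arbitrary bytes: print as upper-case hex. */
                for (i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++) {
                    ret = mbedtls_snprintf(p,
                                           n,
                                           "%02X",
                                           san->san.other_name.value.hardware_module_name.val.p[i]);
                    MBEDTLS_X509_SAFE_SNPRINTF;
                }
            }
            break; /* MBEDTLS_OID_ON_HW_MODULE_NAME */
        case (MBEDTLS_X509_SAN_DNS_NAME):
            ret = mbedtls_snprintf(p, n, "\ndNSName : ");
            MBEDTLS_X509_SAFE_SNPRINTF;
            ret = append_san_bytes(san->san.unstructured_name.p,
                                   san->san.unstructured_name.len, &p, &n);
            if (ret != 0) {
                return ret;
            }
            break; /* MBEDTLS_X509_SAN_DNS_NAME */
        case (MBEDTLS_X509_SAN_RFC822_NAME):
            ret = mbedtls_snprintf(p, n, "\nrfc822Name : ");
            MBEDTLS_X509_SAFE_SNPRINTF;
            ret = append_san_bytes(san->san.unstructured_name.p,
                                   san->san.unstructured_name.len, &p, &n);
            if (ret != 0) {
                return ret;
            }
            break; /* MBEDTLS_X509_SAN_RFC822_NAME */
        case (MBEDTLS_X509_SAN_DIRECTORY_NAME):
            ret = mbedtls_snprintf(p, n, "\ndirectoryName : ");
            MBEDTLS_X509_SAFE_SNPRINTF;
            ret = mbedtls_x509_dn_gets(p, n, &san->san.directory_name);
            if (ret < 0) {
                return ret;
            }

            p += ret;
            n -= ret;
            break; /* MBEDTLS_X509_SAN_DIRECTORY_NAME */
        default:
            /*
             * Should not happen.
             */
            return -1;
    }
    ret = mbedtls_snprintf(p, n, "\n");
    MBEDTLS_X509_SAFE_SNPRINTF;

    *size = n;
    *buf = p;

    return 0;
}

/* Extension callback used by the parse tests.
 *
 * p_ctx, when non-NULL, points to a mbedtls_x509_buf holding the one
 * extension OID the test wants accepted as-is. A certificatePolicies
 * extension is parsed here instead: the policy whose OID encodes as the
 * single byte 1 is accepted, any other policy yields
 * MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, and malformed DER yields
 * MBEDTLS_ERR_X509_INVALID_EXTENSIONS. Every other OID is rejected with
 * MBEDTLS_ERR_ASN1_UNEXPECTED_TAG. cp..end delimits the extension value. */
int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid,
                     int critical, const unsigned char *cp, const unsigned char *end)
{
    (void) crt;
    (void) critical;
    mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *) p_ctx;
    if (oid->tag == MBEDTLS_ASN1_OID &&
        MBEDTLS_OID_CMP(MBEDTLS_OID_CERTIFICATE_POLICIES, oid) == 0) {
        /* Handle unknown certificate policy */
        int ret, parse_ret = 0;
        size_t len;
        /* mbedtls_asn1_get_tag() advances a non-const cursor; cp is our own
         * copy of the caller's pointer, so writing through it is harmless. */
        unsigned char **p = (unsigned char **) &cp;

        /* Get main sequence tag */
        ret = mbedtls_asn1_get_tag(p, end, &len,
                                   MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
        if (ret != 0) {
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
        }

        if (*p + len != end) {
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
                                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
        }

        /*
         * Cannot be an empty sequence.
         */
        if (len == 0) {
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
                                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
        }

        while (*p < end) {
            const unsigned char *policy_end;

            /*
             * Get the policy sequence
             */
            if ((ret = mbedtls_asn1_get_tag(p, end, &len,
                                            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) !=
                0) {
                return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
            }

            policy_end = *p + len;

            /* Bound every inner read by policy_end, not end, so a policy
             * whose contents overrun its own length is caught below. */
            if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
                                            MBEDTLS_ASN1_OID)) != 0) {
                return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
            }

            /*
             * Recognize exclusively the policy with OID 1
             */
            if (len != 1 || (*p)[0] != 1) {
                parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
            }

            *p += len;

            /*
             * If there is an optional qualifier, then *p < policy_end
             * Check the Qualifier len to verify it doesn't exceed policy_end.
             */
            if (*p < policy_end) {
                if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
                                                MBEDTLS_ASN1_CONSTRUCTED |
                                                MBEDTLS_ASN1_SEQUENCE)) != 0) {
                    return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
                }
                /*
                 * Skip the optional policy qualifiers.
                 */
                *p += len;
            }

            if (*p != policy_end) {
                return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
                                         MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
            }
        }

        if (*p != end) {
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
                                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
        }

        return parse_ret;
    } else if (new_oid != NULL && new_oid->tag == oid->tag && new_oid->len == oid->len &&
               memcmp(new_oid->p, oid->p, oid->len) == 0) {
        /* The test's expected OID: accept without interpreting its value. */
        return 0;
    } else {
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
                                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
    }
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* END_HEADER */

/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
/* mbedtls_x509_crt_has_ext_type() must report exactly the bits of ext_types
 * that overlap the queried mask. */
void x509_accessor_ext_types(int ext_type, int has_ext_type)
{
    mbedtls_x509_crt crt;
    int expected_result = ext_type & has_ext_type;

    mbedtls_x509_crt_init(&crt);
    USE_PSA_INIT();

    crt.ext_types = ext_type;

    TEST_EQUAL(mbedtls_x509_crt_has_ext_type(&crt, has_ext_type), expected_result);

exit:
    mbedtls_x509_crt_free(&crt);
    USE_PSA_DONE();
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_TEST_HOOKS */
/* Parse cn as a textual IP address; ref_ret is the expected byte length
 * (0 when cn is not an address) and exp the expected address bytes.
 * addr has room for 16 bytes, enough for an IPv6 address. */
void x509_crt_parse_cn_inet_pton(const char *cn, data_t *exp, int ref_ret)
{
    uint32_t addr[4];
    size_t addrlen = mbedtls_x509_crt_parse_cn_inet_pton(cn, addr);
    TEST_EQUAL(addrlen, (size_t) ref_ret);

    if (addrlen) {
        TEST_MEMORY_COMPARE(exp->x, exp->len, addr, addrlen);
    }
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
/* Parse crt_file, print every supported subjectAltName entry with
 * verify_parse_san() and compare the concatenation with result_str.
 * parse_result is the expected return of the file parse; when it is
 * non-zero nothing else is checked. */
void x509_parse_san(char *crt_file, char *result_str,
                    int parse_result)
{
    int ret;
    mbedtls_x509_crt crt;
    mbedtls_x509_subject_alternative_name san;
    mbedtls_x509_sequence *cur = NULL;
    char buf[2000];
    char *p = buf;
    size_t n = sizeof(buf);

    mbedtls_x509_crt_init(&crt);
    USE_PSA_INIT();
    memset(buf, 0, sizeof(buf));

    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), parse_result);

    if (parse_result != 0) {
        goto exit;
    }
    if (crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
        cur = &crt.subject_alt_names;
        while (cur != NULL) {
            ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san);
            TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE);
            /*
             * If san type not supported, ignore.
             */
            if (ret == 0) {
                ret = verify_parse_san(&san, &p, &n);
                mbedtls_x509_free_subject_alt_name(&san);
                TEST_EQUAL(ret, 0);
            }
            cur = cur->next;
        }
    }

    TEST_EQUAL(strcmp(buf, result_str), 0);

exit:
    mbedtls_x509_crt_free(&crt);
    USE_PSA_DONE();
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_X509_CRT_PARSE_C */
/* Parse crt_file and check that mbedtls_x509_crt_info() renders it as
 * result_str. -1 and -2 are the legacy "buffer too small" / "error"
 * outcomes the test rejects before comparing the text. */
void x509_cert_info(char *crt_file, char *result_str)
{
    mbedtls_x509_crt crt;
    char buf[2000];
    int res;

    mbedtls_x509_crt_init(&crt);
    USE_PSA_INIT();
    memset(buf, 0, sizeof(buf));

    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
    res = mbedtls_x509_crt_info(buf, sizeof(buf), "", &crt);

    TEST_ASSERT(res != -1);
    TEST_ASSERT(res != -2);

    TEST_EQUAL(strcmp(buf, result_str), 0);

exit:
    mbedtls_x509_crt_free(&crt);
    USE_PSA_DONE();
}
/* END_CASE */
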
Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ 521*62c56f98SSadaf Ebrahimivoid mbedtls_x509_crl_info(char *crl_file, char *result_str) 522*62c56f98SSadaf Ebrahimi{ 523*62c56f98SSadaf Ebrahimi mbedtls_x509_crl crl; 524*62c56f98SSadaf Ebrahimi char buf[2000]; 525*62c56f98SSadaf Ebrahimi int res; 526*62c56f98SSadaf Ebrahimi 527*62c56f98SSadaf Ebrahimi mbedtls_x509_crl_init(&crl); 528*62c56f98SSadaf Ebrahimi USE_PSA_INIT(); 529*62c56f98SSadaf Ebrahimi memset(buf, 0, 2000); 530*62c56f98SSadaf Ebrahimi 531*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0); 532*62c56f98SSadaf Ebrahimi res = mbedtls_x509_crl_info(buf, 2000, "", &crl); 533*62c56f98SSadaf Ebrahimi 534*62c56f98SSadaf Ebrahimi TEST_ASSERT(res != -1); 535*62c56f98SSadaf Ebrahimi TEST_ASSERT(res != -2); 536*62c56f98SSadaf Ebrahimi 537*62c56f98SSadaf Ebrahimi TEST_EQUAL(strcmp(buf, result_str), 0); 538*62c56f98SSadaf Ebrahimi 539*62c56f98SSadaf Ebrahimiexit: 540*62c56f98SSadaf Ebrahimi mbedtls_x509_crl_free(&crl); 541*62c56f98SSadaf Ebrahimi USE_PSA_DONE(); 542*62c56f98SSadaf Ebrahimi} 543*62c56f98SSadaf Ebrahimi/* END_CASE */ 544*62c56f98SSadaf Ebrahimi 545*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */ 546*62c56f98SSadaf Ebrahimivoid mbedtls_x509_crl_parse(char *crl_file, int result) 547*62c56f98SSadaf Ebrahimi{ 548*62c56f98SSadaf Ebrahimi mbedtls_x509_crl crl; 549*62c56f98SSadaf Ebrahimi char buf[2000]; 550*62c56f98SSadaf Ebrahimi 551*62c56f98SSadaf Ebrahimi mbedtls_x509_crl_init(&crl); 552*62c56f98SSadaf Ebrahimi USE_PSA_INIT(); 553*62c56f98SSadaf Ebrahimi memset(buf, 0, 2000); 554*62c56f98SSadaf Ebrahimi 555*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), result); 556*62c56f98SSadaf Ebrahimi 557*62c56f98SSadaf Ebrahimiexit: 558*62c56f98SSadaf Ebrahimi mbedtls_x509_crl_free(&crl); 559*62c56f98SSadaf Ebrahimi USE_PSA_DONE(); 560*62c56f98SSadaf 
Ebrahimi} 561*62c56f98SSadaf Ebrahimi/* END_CASE */ 562*62c56f98SSadaf Ebrahimi 563*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ 564*62c56f98SSadaf Ebrahimivoid mbedtls_x509_csr_info(char *csr_file, char *result_str) 565*62c56f98SSadaf Ebrahimi{ 566*62c56f98SSadaf Ebrahimi mbedtls_x509_csr csr; 567*62c56f98SSadaf Ebrahimi char buf[2000]; 568*62c56f98SSadaf Ebrahimi int res; 569*62c56f98SSadaf Ebrahimi 570*62c56f98SSadaf Ebrahimi mbedtls_x509_csr_init(&csr); 571*62c56f98SSadaf Ebrahimi USE_PSA_INIT(); 572*62c56f98SSadaf Ebrahimi memset(buf, 0, 2000); 573*62c56f98SSadaf Ebrahimi 574*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_x509_csr_parse_file(&csr, csr_file), 0); 575*62c56f98SSadaf Ebrahimi res = mbedtls_x509_csr_info(buf, 2000, "", &csr); 576*62c56f98SSadaf Ebrahimi 577*62c56f98SSadaf Ebrahimi TEST_ASSERT(res != -1); 578*62c56f98SSadaf Ebrahimi TEST_ASSERT(res != -2); 579*62c56f98SSadaf Ebrahimi 580*62c56f98SSadaf Ebrahimi TEST_EQUAL(strcmp(buf, result_str), 0); 581*62c56f98SSadaf Ebrahimi 582*62c56f98SSadaf Ebrahimiexit: 583*62c56f98SSadaf Ebrahimi mbedtls_x509_csr_free(&csr); 584*62c56f98SSadaf Ebrahimi USE_PSA_DONE(); 585*62c56f98SSadaf Ebrahimi} 586*62c56f98SSadaf Ebrahimi/* END_CASE */ 587*62c56f98SSadaf Ebrahimi 588*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ 589*62c56f98SSadaf Ebrahimivoid x509_verify_info(int flags, char *prefix, char *result_str) 590*62c56f98SSadaf Ebrahimi{ 591*62c56f98SSadaf Ebrahimi char buf[2000]; 592*62c56f98SSadaf Ebrahimi int res; 593*62c56f98SSadaf Ebrahimi 594*62c56f98SSadaf Ebrahimi USE_PSA_INIT(); 595*62c56f98SSadaf Ebrahimi memset(buf, 0, sizeof(buf)); 596*62c56f98SSadaf Ebrahimi 597*62c56f98SSadaf Ebrahimi res = mbedtls_x509_crt_verify_info(buf, sizeof(buf), prefix, flags); 598*62c56f98SSadaf Ebrahimi 599*62c56f98SSadaf Ebrahimi TEST_ASSERT(res >= 0); 600*62c56f98SSadaf Ebrahimi 601*62c56f98SSadaf 
/* Tail of the preceding test case; its signature and setup are outside this chunk. */
    TEST_EQUAL(strcmp(buf, result_str), 0);

exit:
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Verify crt_file against ca_file with the restartable ECC API, resuming
 * every time the library reports MBEDTLS_ERR_ECP_IN_PROGRESS.
 *
 * crt_file / ca_file  : PEM/DER files loaded with mbedtls_x509_crt_parse_file().
 * result, flags_result: expected final return value and verification flags.
 * max_ops             : ECC op budget handed to mbedtls_ecp_set_max_ops().
 * min/max_restart     : inclusive bounds on how many times the call had to be
 *                       resumed (the number of IN_PROGRESS returns).
 */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */
void x509_verify_restart(char *crt_file, char *ca_file,
                         int result, int flags_result,
                         int max_ops, int min_restart, int max_restart)
{
    int ret, cnt_restart;
    mbedtls_x509_crt_restart_ctx rs_ctx;
    mbedtls_x509_crt crt;
    mbedtls_x509_crt ca;
    uint32_t flags = 0;

    /*
     * See comments on ecp_test_vect_restart() for op count precision.
     *
     * For reference, with Mbed TLS 2.6 and default settings:
     * - ecdsa_verify() for P-256: ~ 6700
     * - ecdsa_verify() for P-384: ~ 18800
     * - x509_verify() for server5 -> test-ca2: ~ 18800
     * - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500
     */
    mbedtls_x509_crt_restart_init(&rs_ctx);
    mbedtls_x509_crt_init(&crt);
    mbedtls_x509_crt_init(&ca);
    MD_OR_USE_PSA_INIT();

    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
    TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);

    mbedtls_ecp_set_max_ops(max_ops);

    /* Keep resuming while the library asks for more time. `++cnt_restart`
     * is always non-zero, so it only serves to count the resumptions. */
    cnt_restart = 0;
    do {
        ret = mbedtls_x509_crt_verify_restartable(&crt, &ca, NULL,
                                                  &mbedtls_x509_crt_profile_default, NULL, &flags,
                                                  NULL, NULL, &rs_ctx);
    } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);

    TEST_EQUAL(ret, result);
    TEST_EQUAL(flags, (uint32_t) flags_result);

    TEST_ASSERT(cnt_restart >= min_restart);
    TEST_ASSERT(cnt_restart <= max_restart);

    /* Do we leak memory when aborting?
     * One more call on the already-finished restart context; `flags` is
     * deliberately not reset here, only the return value is checked. */
    ret = mbedtls_x509_crt_verify_restartable(&crt, &ca, NULL,
                                              &mbedtls_x509_crt_profile_default, NULL, &flags,
                                              NULL, NULL, &rs_ctx);
    TEST_ASSERT(ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS);

exit:
    mbedtls_x509_crt_restart_free(&rs_ctx);
    mbedtls_x509_crt_free(&crt);
    mbedtls_x509_crt_free(&ca);
    MD_OR_USE_PSA_DONE();
}
/* END_CASE */

/*
 * Full chain verification of crt_file against ca_file and crl_file.
 *
 * cn_name_str    : expected CN, or the literal "NULL" to skip the name check.
 * profile_str    : "", "next", "suite_b", "compat" or "all" (see the table
 *                  below); anything else fails the test.
 * verify_callback: "NULL", "verify_none" or "verify_all" (callbacks defined
 *                  earlier in this file).
 * result, flags_result: expected return value and verification flags.
 */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
void x509_verify(char *crt_file, char *ca_file, char *crl_file,
                 char *cn_name_str, int result, int flags_result,
                 char *profile_str,
                 char *verify_callback)
{
    mbedtls_x509_crt crt;
    mbedtls_x509_crt ca;
    mbedtls_x509_crl crl;
    uint32_t flags = 0;
    int res;
    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
    char *cn_name = NULL;
    const mbedtls_x509_crt_profile *profile;

    mbedtls_x509_crt_init(&crt);
    mbedtls_x509_crt_init(&ca);
    mbedtls_x509_crl_init(&crl);
    MD_OR_USE_PSA_INIT();

    /* The literal string "NULL" selects no hostname/CN check. */
    if (strcmp(cn_name_str, "NULL") != 0) {
        cn_name = cn_name_str;
    }

    if (strcmp(profile_str, "") == 0) {
        profile = &mbedtls_x509_crt_profile_default;
    } else if (strcmp(profile_str, "next") == 0) {
        profile = &mbedtls_x509_crt_profile_next;
    } else if (strcmp(profile_str, "suite_b") == 0) {
        profile = &mbedtls_x509_crt_profile_suiteb;
    } else if (strcmp(profile_str, "compat") == 0) {
        profile = &compat_profile;
    } else if (strcmp(profile_str, "all") == 0) {
        profile = &profile_all;
    } else {
        TEST_FAIL("Unknown algorithm profile");
    }

    if (strcmp(verify_callback, "NULL") == 0) {
        f_vrfy = NULL;
    } else if (strcmp(verify_callback, "verify_none") == 0) {
        f_vrfy = verify_none;
    } else if (strcmp(verify_callback, "verify_all") == 0) {
        f_vrfy = verify_all;
    } else {
        TEST_FAIL("No known verify callback selected");
    }

    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
    TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
    TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0);

    res = mbedtls_x509_crt_verify_with_profile(&crt,
                                               &ca,
                                               &crl,
                                               profile,
                                               cn_name,
                                               &flags,
                                               f_vrfy,
                                               NULL);

    TEST_EQUAL(res, result);
    TEST_EQUAL(flags, (uint32_t) flags_result);

#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
    /* CRLs aren't supported with CA callbacks, so skip the CA callback
     * version of the test if CRLs are in use.
     * NOTE(review): crl_file was already passed to crl_parse_file() above and
     * that call had to succeed, so this branch is only reached if an empty
     * path parses as a CRL — looks like it is never exercised; confirm
     * against the test data. */
    if (crl_file == NULL || strcmp(crl_file, "") == 0) {
        flags = 0;

        res = mbedtls_x509_crt_verify_with_ca_cb(&crt,
                                                 ca_callback,
                                                 &ca,
                                                 profile,
                                                 cn_name,
                                                 &flags,
                                                 f_vrfy,
                                                 NULL);

        TEST_EQUAL(res, result);
        TEST_EQUAL(flags, (uint32_t) (flags_result));
    }
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
exit:
    mbedtls_x509_crt_free(&crt);
    mbedtls_x509_crt_free(&ca);
    mbedtls_x509_crl_free(&crl);
    MD_OR_USE_PSA_DONE();
}
/* END_CASE */

/*
 * Verification through a trusted-CA callback that always fails
 * (ca_callback_fail, defined earlier in this file).
 *
 * name   : expected CN, or the literal "NULL" for none.
 * exp_ret: expected return value. The flags are expected to be all-ones,
 *          i.e. the value the library reports on a fatal verification error.
 */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
void x509_verify_ca_cb_failure(char *crt_file, char *ca_file, char *name,
                               int exp_ret)
{
    int ret;
    mbedtls_x509_crt crt;
    mbedtls_x509_crt ca;
    uint32_t flags = 0;

    mbedtls_x509_crt_init(&crt);
    mbedtls_x509_crt_init(&ca);
    USE_PSA_INIT();

    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
    TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);

    if (strcmp(name, "NULL") == 0) {
        name = NULL;
    }

    ret = mbedtls_x509_crt_verify_with_ca_cb(&crt, ca_callback_fail, &ca,
                                             &compat_profile, name, &flags,
                                             NULL, NULL);

    TEST_EQUAL(ret, exp_ret);
    TEST_EQUAL(flags, (uint32_t) (-1));
exit:
    mbedtls_x509_crt_free(&crt);
    mbedtls_x509_crt_free(&ca);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Verify with the verify_print callback and compare the text it produced
 * (vrfy_ctx.buf) against exp_vrfy_out; verify_print/verify_print_init and
 * verify_print_context are defined earlier in this file.
 *
 * name   : expected CN, or the literal "NULL" for none.
 * exp_ret: expected return value of the verification.
 */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_verify_callback(char *crt_file, char *ca_file, char *name,
                          int exp_ret, char *exp_vrfy_out)
{
    int ret;
    mbedtls_x509_crt crt;
    mbedtls_x509_crt ca;
    uint32_t flags = 0;
    verify_print_context vrfy_ctx;

    mbedtls_x509_crt_init(&crt);
    mbedtls_x509_crt_init(&ca);
    MD_OR_USE_PSA_INIT();

    verify_print_init(&vrfy_ctx);

    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
    TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);

    if (strcmp(name, "NULL") == 0) {
        name = NULL;
    }

    /* No CRL; the compat profile (SHA-1 allowed) is used so that older
     * test certificates still verify. */
    ret = mbedtls_x509_crt_verify_with_profile(&crt, &ca, NULL,
                                               &compat_profile,
                                               name, &flags,
                                               verify_print, &vrfy_ctx);

    TEST_EQUAL(ret, exp_ret);
    TEST_EQUAL(strcmp(vrfy_ctx.buf, exp_vrfy_out), 0);

exit:
    mbedtls_x509_crt_free(&crt);
    mbedtls_x509_crt_free(&ca);
    MD_OR_USE_PSA_DONE();
}
/* END_CASE */

/*
 * Overwrite the second subject RDN of a parsed certificate with
 * new_subject_ou and check how mbedtls_x509_dn_gets() renders it.
 *
 * ret: expected (non-zero) error from mbedtls_x509_dn_gets(); when 0,
 *      the rendered string must instead equal result_str.
 *
 * Assumes the certificate's subject has at least two components:
 * crt.subject.next is dereferenced without a NULL check.
 */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
void mbedtls_x509_dn_gets_subject_replace(char *crt_file,
                                          char *new_subject_ou,
                                          char *result_str,
                                          int ret)
{
    mbedtls_x509_crt crt;
    char buf[2000];
    int res = 0;

    mbedtls_x509_crt_init(&crt);
    USE_PSA_INIT();

    memset(buf, 0, 2000);

    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
    /* Point the RDN value at the caller's string instead of the DER buffer;
     * the name list is freed by crt_free, the value itself is not. */
    crt.subject.next->val.p = (unsigned char *) new_subject_ou;
    crt.subject.next->val.len = strlen(new_subject_ou);

    res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject);

    if (ret != 0) {
        TEST_EQUAL(res, ret);
    } else {
        TEST_ASSERT(res != -1);
        TEST_ASSERT(res != -2);
        TEST_EQUAL(strcmp(buf, result_str), 0);
    }
exit:
    mbedtls_x509_crt_free(&crt);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Render the subject or issuer DN of crt_file and compare with result_str.
 *
 * entity: "subject" or "issuer"; anything else fails the test.
 */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
void mbedtls_x509_dn_gets(char *crt_file, char *entity, char *result_str)
{
    mbedtls_x509_crt crt;
    char buf[2000];
    int res = 0;

    mbedtls_x509_crt_init(&crt);
    USE_PSA_INIT();

    memset(buf, 0, 2000);

    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
    if (strcmp(entity, "subject") == 0) {
        res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject);
    } else if (strcmp(entity, "issuer") == 0) {
        res = mbedtls_x509_dn_gets(buf, 2000, &crt.issuer);
    } else {
        TEST_FAIL("Unknown entity");
    }

    TEST_ASSERT(res != -1);
    TEST_ASSERT(res != -2);

    TEST_EQUAL(strcmp(buf, result_str), 0);

exit:
    mbedtls_x509_crt_free(&crt);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Feed a hex-encoded RDNSequence straight into mbedtls_x509_get_name() and
 * check the return code (a parser robustness test on malformed input).
 *
 * rdn_sequence: hex string, decoded by mbedtls_test_unhexify_alloc().
 * exp_ret     : expected return value.
 *
 * NOTE(review): the allocation result is not checked before use; on
 * allocation failure `name` is NULL and `name + name_len` is computed
 * from it.
 */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_get_name(char *rdn_sequence, int exp_ret)
{
    unsigned char *name = NULL;
    unsigned char *p;
    size_t name_len;
    mbedtls_x509_name head;
    int ret;

    USE_PSA_INIT();
    memset(&head, 0, sizeof(head));

    name = mbedtls_test_unhexify_alloc(rdn_sequence, &name_len);
    p = name;

    ret = mbedtls_x509_get_name(&p, (name + name_len), &head);
    if (ret == 0) {
        /* Only the list nodes are heap-allocated; values point into `name`. */
        mbedtls_asn1_free_named_data_list_shallow(head.next);
    }

    TEST_EQUAL(ret, exp_ret);

exit:
    mbedtls_free(name);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Round-trip a textual DN through string_to_names -> write_names -> get_name,
 * mark some nodes as multi-valued (next_merged) and check that
 * mbedtls_x509_dn_get_next() walks one RDN at a time.
 *
 * name_str     : DN in "C=..., O=..." form.
 * next_merged  : bit mask, bit i sets next_merged on the i-th parsed node.
 * expected_oids: space-separated short names of the first attribute of
 *                each RDN, as produced by the walk.
 * exp_count    : expected number of RDNs visited.
 * exp_dn_gets  : expected output of mbedtls_x509_dn_gets() on the marked list.
 *
 * NOTE(review): `out` is sized from expected_oids only; if the walk produced
 * a longer string, `len` could exceed `out_size` and `out_size - len` would
 * wrap before the strcmp below reports the mismatch. The test data is what
 * keeps this in bounds.
 */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
void mbedtls_x509_dn_get_next(char *name_str,
                              int next_merged,
                              char *expected_oids,
                              int exp_count,
                              char *exp_dn_gets)
{
    int ret = 0, i;
    size_t len = 0, out_size;
    mbedtls_asn1_named_data *names = NULL;
    mbedtls_x509_name parsed, *parsed_cur;
    // Size of buf is maximum required for test cases
    unsigned char buf[80], *out = NULL, *c;
    const char *short_name;

    USE_PSA_INIT();
    memset(&parsed, 0, sizeof(parsed));
    memset(buf, 0, sizeof(buf));
    // write_names() fills the buffer backwards from its end
    c = buf + sizeof(buf);
    // Additional size required for trailing space
    out_size = strlen(expected_oids) + 2;
    TEST_CALLOC(out, out_size);

    TEST_EQUAL(mbedtls_x509_string_to_names(&names, name_str), 0);

    ret = mbedtls_x509_write_names(&c, buf, names);
    TEST_LE_S(0, ret);

    // Skip the outer SEQUENCE tag, then parse the RDNs back
    TEST_EQUAL(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len,
                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE), 0);
    TEST_EQUAL(mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed), 0);

    // Iterate over names and set next_merged nodes
    parsed_cur = &parsed;
    for (; next_merged != 0 && parsed_cur != NULL; next_merged = next_merged >> 1) {
        parsed_cur->next_merged = next_merged & 0x01;
        parsed_cur = parsed_cur->next;
    }

    // Iterate over RDN nodes and print OID of first element to buffer
    // (the loop body runs at least once because parsed_cur starts non-NULL,
    // so len >= 1 when the trailing space is stripped below)
    parsed_cur = &parsed;
    len = 0;
    for (i = 0; parsed_cur != NULL; i++) {
        TEST_EQUAL(mbedtls_oid_get_attr_short_name(&parsed_cur->oid,
                                                   &short_name), 0);
        len += mbedtls_snprintf((char *) out + len, out_size - len, "%s ", short_name);
        parsed_cur = mbedtls_x509_dn_get_next(parsed_cur);
    }
    out[len-1] = 0;

    TEST_EQUAL(exp_count, i);
    TEST_EQUAL(strcmp((char *) out, expected_oids), 0);
    mbedtls_free(out);
    out = NULL;

    out_size = strlen(exp_dn_gets) + 1;
    TEST_CALLOC(out, out_size);

    TEST_LE_S(0, mbedtls_x509_dn_gets((char *) out, out_size, &parsed));
    TEST_EQUAL(strcmp((char *) out, exp_dn_gets), 0);
exit:
    mbedtls_free(out);
    mbedtls_asn1_free_named_data_list(&names);
    // parsed values point into buf, so only the nodes are freed
    mbedtls_asn1_free_named_data_list_shallow(parsed.next);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Check mbedtls_x509_time_is_past() on one of the certificate's validity
 * bounds.
 *
 * entity: "valid_from" or "valid_to"; anything else fails the test.
 * result: expected return value (depends on the current system time).
 */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_time_is_past(char *crt_file, char *entity, int result)
{
    mbedtls_x509_crt crt;

    mbedtls_x509_crt_init(&crt);
    USE_PSA_INIT();

    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);

    if (strcmp(entity, "valid_from") == 0) {
        TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_from), result);
    } else if (strcmp(entity, "valid_to") == 0) {
        TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_to), result);
    } else {
        TEST_FAIL("Unknown entity");
    }

exit:
    mbedtls_x509_crt_free(&crt);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Same as mbedtls_x509_time_is_past() above, for mbedtls_x509_time_is_future().
 */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_time_is_future(char *crt_file, char *entity, int result)
{
    mbedtls_x509_crt crt;

    mbedtls_x509_crt_init(&crt);
    USE_PSA_INIT();

    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);

    if (strcmp(entity, "valid_from") == 0) {
        TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_from), result);
    } else if (strcmp(entity, "valid_to") == 0) {
        TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_to), result);
    } else {
        TEST_FAIL("Unknown entity");
    }

exit:
    mbedtls_x509_crt_free(&crt);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Parse a certificate file and check only the return value.
 */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
void x509parse_crt_file(char *crt_file, int result)
{
    mbedtls_x509_crt crt;

    mbedtls_x509_crt_init(&crt);
    USE_PSA_INIT();

    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), result);

exit:
    mbedtls_x509_crt_free(&crt);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Parse a DER certificate through every DER entry point — parse_der,
 * parse_der_nocopy and parse_der_with_ext_cb with make_copy 0 and 1 —
 * and, unless MBEDTLS_X509_REMOVE_INFO is set, compare the
 * mbedtls_x509_crt_info() rendering with result_str each time.
 *
 * buf       : DER input (data_t from the test harness).
 * result    : expected return value of each parse call.
 * result_str: expected info text when result == 0.
 *
 * The `res != -1` / `res != -2` checks guard against the info function
 * reporting an error instead of a length; their exact meaning is not
 * visible here.
 */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void x509parse_crt(data_t *buf, char *result_str, int result)
{
    mbedtls_x509_crt crt;
#if !defined(MBEDTLS_X509_REMOVE_INFO)
    unsigned char output[2000] = { 0 };
    int res;
#else
    ((void) result_str);
#endif

    mbedtls_x509_crt_init(&crt);
    USE_PSA_INIT();

    TEST_EQUAL(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len), result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
    if ((result) == 0) {
        res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
        TEST_ASSERT(res != -1);
        TEST_ASSERT(res != -2);

        TEST_EQUAL(strcmp((char *) output, result_str), 0);
    }
    /* Clear between variants so a stale rendering can't satisfy the next strcmp. */
    memset(output, 0, 2000);
#endif

    mbedtls_x509_crt_free(&crt);
    mbedtls_x509_crt_init(&crt);

    /* nocopy: the parsed structure references buf->x directly, so buf must
     * outlive crt — it does, crt is freed below before buf goes away. */
    TEST_EQUAL(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len), result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
    if ((result) == 0) {
        memset(output, 0, 2000);

        res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);

        TEST_ASSERT(res != -1);
        TEST_ASSERT(res != -2);

        TEST_EQUAL(strcmp((char *) output, result_str), 0);
    }
    memset(output, 0, 2000);
#endif /* !MBEDTLS_X509_REMOVE_INFO */

    mbedtls_x509_crt_free(&crt);
    mbedtls_x509_crt_init(&crt);

    /* make_copy = 0, no extension callback */
    TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL),
               result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
    if ((result) == 0) {
        res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);

        TEST_ASSERT(res != -1);
        TEST_ASSERT(res != -2);

        TEST_EQUAL(strcmp((char *) output, result_str), 0);
    }
    memset(output, 0, 2000);
#endif /* !MBEDTLS_X509_REMOVE_INFO */

    mbedtls_x509_crt_free(&crt);
    mbedtls_x509_crt_init(&crt);

    /* make_copy = 1, no extension callback */
    TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL),
               result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
    if ((result) == 0) {
        res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);

        TEST_ASSERT(res != -1);
        TEST_ASSERT(res != -2);

        TEST_EQUAL(strcmp((char *) output, result_str), 0);
    }
#endif /* !MBEDTLS_X509_REMOVE_INFO */

exit:
    mbedtls_x509_crt_free(&crt);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Parse a DER certificate with the unsupported-extension callback
 * parse_crt_ext_cb (defined earlier in this file) installed, for both
 * make_copy = 0 and make_copy = 1, and check the info rendering.
 *
 * The callback context is an mbedtls_x509_buf holding the OID
 * MBEDTLS_OID_PKIX "\x01\x1F"; what the callback does with it is not
 * visible in this chunk.
 */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void x509parse_crt_cb(data_t *buf, char *result_str, int result)
{
    mbedtls_x509_crt crt;
    mbedtls_x509_buf oid;

#if !defined(MBEDTLS_X509_REMOVE_INFO)
    unsigned char output[2000] = { 0 };
    int res;
#else
    ((void) result_str);
#endif

    oid.tag = MBEDTLS_ASN1_OID;
    oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKIX "\x01\x1F");
    oid.p = (unsigned char *) MBEDTLS_OID_PKIX "\x01\x1F";

    mbedtls_x509_crt_init(&crt);
    USE_PSA_INIT();

    TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb,
                                                      &oid), result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
    if ((result) == 0) {
        res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);

        TEST_ASSERT(res != -1);
        TEST_ASSERT(res != -2);

        TEST_EQUAL(strcmp((char *) output, result_str), 0);
    }
    memset(output, 0, 2000);
#endif /* !MBEDTLS_X509_REMOVE_INFO */

    mbedtls_x509_crt_free(&crt);
    mbedtls_x509_crt_init(&crt);

    TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb,
                                                      &oid), (result));
#if !defined(MBEDTLS_X509_REMOVE_INFO)
    if ((result) == 0) {
        res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);

        TEST_ASSERT(res != -1);
        TEST_ASSERT(res != -2);

        TEST_EQUAL(strcmp((char *) output, result_str), 0);
    }
#endif /* !MBEDTLS_X509_REMOVE_INFO */

exit:
    mbedtls_x509_crt_free(&crt);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Parse a DER CRL and, on success, compare the mbedtls_x509_crl_info()
 * rendering with result_str.
 */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
void x509parse_crl(data_t *buf, char *result_str, int result)
{
    mbedtls_x509_crl crl;
    unsigned char output[2000];
    int res;

    mbedtls_x509_crl_init(&crl);
    USE_PSA_INIT();

    memset(output, 0, 2000);


    TEST_EQUAL(mbedtls_x509_crl_parse(&crl, buf->x, buf->len), (result));
    if ((result) == 0) {
        res = mbedtls_x509_crl_info((char *) output, 2000, "", &crl);

        TEST_ASSERT(res != -1);
        TEST_ASSERT(res != -2);

        TEST_EQUAL(strcmp((char *) output, result_str), 0);
    }

exit:
    mbedtls_x509_crl_free(&crl);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Parse a DER CSR and, on success, check that mbedtls_x509_csr_info()
 * returns exactly strlen(ref_out) and renders ref_out.
 *
 * NOTE(review): my_out_len is a size_t but csr_info() is compared here as a
 * length only; a negative error return would show up as a huge length and
 * fail the TEST_EQUAL, which is the intended outcome.
 */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
void mbedtls_x509_csr_parse(data_t *csr_der, char *ref_out, int ref_ret)
{
    mbedtls_x509_csr csr;
    char my_out[1000];
    int my_ret;

    mbedtls_x509_csr_init(&csr);
    USE_PSA_INIT();

    memset(my_out, 0, sizeof(my_out));

    my_ret = mbedtls_x509_csr_parse_der(&csr, csr_der->x, csr_der->len);
    TEST_EQUAL(my_ret, ref_ret);

    if (ref_ret == 0) {
        size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
        TEST_EQUAL(my_out_len, strlen(ref_out));
        TEST_EQUAL(strcmp(my_out, ref_out), 0);
    }

exit:
    mbedtls_x509_csr_free(&csr);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * File-based variant of mbedtls_x509_csr_parse() above.
 */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
void mbedtls_x509_csr_parse_file(char *csr_file, char *ref_out, int ref_ret)
{
    mbedtls_x509_csr csr;
    char my_out[1000];
    int my_ret;

    mbedtls_x509_csr_init(&csr);
    USE_PSA_INIT();

    memset(my_out, 0, sizeof(my_out));

    my_ret = mbedtls_x509_csr_parse_file(&csr, csr_file);
    TEST_EQUAL(my_ret, ref_ret);

    if (ref_ret == 0) {
        size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
        TEST_EQUAL(my_out_len, strlen(ref_out));
        TEST_EQUAL(strcmp(my_out, ref_out), 0);
    }

exit:
    mbedtls_x509_csr_free(&csr);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Parse a file that may hold several certificates and check the return
 * value and the number of certificates actually loaded into the chain.
 *
 * ret   : expected return value (a positive value means some entries
 *         failed to parse while others loaded).
 * nb_crt: expected number of chain entries with a non-NULL raw.p.
 */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_crt_parse_file(char *crt_path, int ret, int nb_crt)
{
    mbedtls_x509_crt chain, *cur;
    int i;

    mbedtls_x509_crt_init(&chain);
    USE_PSA_INIT();

    TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, crt_path), ret);

    /* Check how many certs we got: an entry with raw.p == NULL is an empty
     * head (nothing parsed) and is not counted. */
    for (i = 0, cur = &chain; cur != NULL; cur = cur->next) {
        if (cur->raw.p != NULL) {
            i++;
        }
    }

    TEST_EQUAL(i, nb_crt);

exit:
    mbedtls_x509_crt_free(&chain);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Directory variant of mbedtls_x509_crt_parse_file() above: load every
 * certificate under crt_path and count the chain entries.
 */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_crt_parse_path(char *crt_path, int ret, int nb_crt)
{
    mbedtls_x509_crt chain, *cur;
    int i;

    mbedtls_x509_crt_init(&chain);
    USE_PSA_INIT();

    TEST_EQUAL(mbedtls_x509_crt_parse_path(&chain, crt_path), ret);

    /* Check how many certs we got */
    for (i = 0, cur = &chain; cur != NULL; cur = cur->next) {
        if (cur->raw.p != NULL) {
            i++;
        }
    }

    TEST_EQUAL(i, nb_crt);

exit:
    mbedtls_x509_crt_free(&chain);
    USE_PSA_DONE();
}
/* END_CASE */

/*
 * Verify a chain with nb_int intermediates against the configured
 * MBEDTLS_X509_MAX_INTERMEDIATE_CA limit (see the #error guard at the top
 * of this file for the ceiling the test data supports).
 *
 * ca_file  : trusted root.
 * chain_dir: directory holding cNN.pem chain files, see the comment below.
 * nb_int   : number of intermediates; the file loaded is c(nb_int+1).pem.
 * ret_chk, flags_chk: expected return value and verification flags.
 */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_crt_verify_max(char *ca_file, char *chain_dir, int nb_int,
                                 int ret_chk, int flags_chk)
{
    char file_buf[128];
    int ret;
    uint32_t flags;
    mbedtls_x509_crt trusted, chain;

    /*
     * We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
     * with NN.crt signed by NN-1.crt
     */
    mbedtls_x509_crt_init(&trusted);
    mbedtls_x509_crt_init(&chain);
    MD_OR_USE_PSA_INIT();

    /* Load trusted root */
    TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, ca_file), 0);

    /* Load a chain with nb_int intermediates (from 01 to nb_int),
     * plus one "end-entity" cert (nb_int + 1) */
    ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir,
                           nb_int + 1);
    /* Reject both a formatting error and a truncated path. */
    TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf));
    TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, file_buf), 0);

    /* Try to verify that chain (default profile, no CRL, no CN check) */
    ret = mbedtls_x509_crt_verify(&chain, &trusted, NULL, NULL, &flags,
                                  NULL, NULL);
    TEST_EQUAL(ret, ret_chk);
    TEST_EQUAL(flags, (uint32_t) flags_chk);

exit:
    mbedtls_x509_crt_free(&chain);
    mbedtls_x509_crt_free(&trusted);
    MD_OR_USE_PSA_DONE();
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_crt_verify_chain(char *chain_paths, char
*trusted_ca, 1369*62c56f98SSadaf Ebrahimi int flags_result, int result, 1370*62c56f98SSadaf Ebrahimi char *profile_name, int vrfy_fatal_lvls) 1371*62c56f98SSadaf Ebrahimi{ 1372*62c56f98SSadaf Ebrahimi char *act; 1373*62c56f98SSadaf Ebrahimi uint32_t flags; 1374*62c56f98SSadaf Ebrahimi int res; 1375*62c56f98SSadaf Ebrahimi mbedtls_x509_crt trusted, chain; 1376*62c56f98SSadaf Ebrahimi const mbedtls_x509_crt_profile *profile = NULL; 1377*62c56f98SSadaf Ebrahimi 1378*62c56f98SSadaf Ebrahimi mbedtls_x509_crt_init(&chain); 1379*62c56f98SSadaf Ebrahimi mbedtls_x509_crt_init(&trusted); 1380*62c56f98SSadaf Ebrahimi MD_OR_USE_PSA_INIT(); 1381*62c56f98SSadaf Ebrahimi 1382*62c56f98SSadaf Ebrahimi while ((act = mystrsep(&chain_paths, " ")) != NULL) { 1383*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, act), 0); 1384*62c56f98SSadaf Ebrahimi } 1385*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, trusted_ca), 0); 1386*62c56f98SSadaf Ebrahimi 1387*62c56f98SSadaf Ebrahimi if (strcmp(profile_name, "") == 0) { 1388*62c56f98SSadaf Ebrahimi profile = &mbedtls_x509_crt_profile_default; 1389*62c56f98SSadaf Ebrahimi } else if (strcmp(profile_name, "next") == 0) { 1390*62c56f98SSadaf Ebrahimi profile = &mbedtls_x509_crt_profile_next; 1391*62c56f98SSadaf Ebrahimi } else if (strcmp(profile_name, "suiteb") == 0) { 1392*62c56f98SSadaf Ebrahimi profile = &mbedtls_x509_crt_profile_suiteb; 1393*62c56f98SSadaf Ebrahimi } else if (strcmp(profile_name, "rsa3072") == 0) { 1394*62c56f98SSadaf Ebrahimi profile = &profile_rsa3072; 1395*62c56f98SSadaf Ebrahimi } else if (strcmp(profile_name, "sha512") == 0) { 1396*62c56f98SSadaf Ebrahimi profile = &profile_sha512; 1397*62c56f98SSadaf Ebrahimi } 1398*62c56f98SSadaf Ebrahimi 1399*62c56f98SSadaf Ebrahimi res = mbedtls_x509_crt_verify_with_profile(&chain, &trusted, NULL, profile, 1400*62c56f98SSadaf Ebrahimi NULL, &flags, verify_fatal, &vrfy_fatal_lvls); 1401*62c56f98SSadaf Ebrahimi 1402*62c56f98SSadaf Ebrahimi 
TEST_EQUAL(res, (result)); 1403*62c56f98SSadaf Ebrahimi TEST_EQUAL(flags, (uint32_t) (flags_result)); 1404*62c56f98SSadaf Ebrahimi 1405*62c56f98SSadaf Ebrahimiexit: 1406*62c56f98SSadaf Ebrahimi mbedtls_x509_crt_free(&trusted); 1407*62c56f98SSadaf Ebrahimi mbedtls_x509_crt_free(&chain); 1408*62c56f98SSadaf Ebrahimi MD_OR_USE_PSA_DONE(); 1409*62c56f98SSadaf Ebrahimi} 1410*62c56f98SSadaf Ebrahimi/* END_CASE */ 1411*62c56f98SSadaf Ebrahimi 1412*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C:!MBEDTLS_X509_REMOVE_INFO */ 1413*62c56f98SSadaf Ebrahimivoid x509_oid_desc(data_t *buf, char *ref_desc) 1414*62c56f98SSadaf Ebrahimi{ 1415*62c56f98SSadaf Ebrahimi mbedtls_x509_buf oid; 1416*62c56f98SSadaf Ebrahimi const char *desc = NULL; 1417*62c56f98SSadaf Ebrahimi int ret; 1418*62c56f98SSadaf Ebrahimi 1419*62c56f98SSadaf Ebrahimi USE_PSA_INIT(); 1420*62c56f98SSadaf Ebrahimi 1421*62c56f98SSadaf Ebrahimi oid.tag = MBEDTLS_ASN1_OID; 1422*62c56f98SSadaf Ebrahimi oid.p = buf->x; 1423*62c56f98SSadaf Ebrahimi oid.len = buf->len; 1424*62c56f98SSadaf Ebrahimi 1425*62c56f98SSadaf Ebrahimi ret = mbedtls_oid_get_extended_key_usage(&oid, &desc); 1426*62c56f98SSadaf Ebrahimi 1427*62c56f98SSadaf Ebrahimi if (strcmp(ref_desc, "notfound") == 0) { 1428*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret != 0); 1429*62c56f98SSadaf Ebrahimi TEST_ASSERT(desc == NULL); 1430*62c56f98SSadaf Ebrahimi } else { 1431*62c56f98SSadaf Ebrahimi TEST_EQUAL(ret, 0); 1432*62c56f98SSadaf Ebrahimi TEST_ASSERT(desc != NULL); 1433*62c56f98SSadaf Ebrahimi TEST_EQUAL(strcmp(desc, ref_desc), 0); 1434*62c56f98SSadaf Ebrahimi } 1435*62c56f98SSadaf Ebrahimi 1436*62c56f98SSadaf Ebrahimiexit: 1437*62c56f98SSadaf Ebrahimi USE_PSA_DONE(); 1438*62c56f98SSadaf Ebrahimi} 1439*62c56f98SSadaf Ebrahimi/* END_CASE */ 1440*62c56f98SSadaf Ebrahimi 1441*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ 1442*62c56f98SSadaf Ebrahimivoid x509_oid_numstr(data_t *oid_buf, char *numstr, int blen, int ret) 
1443*62c56f98SSadaf Ebrahimi{ 1444*62c56f98SSadaf Ebrahimi mbedtls_x509_buf oid; 1445*62c56f98SSadaf Ebrahimi char num_buf[100]; 1446*62c56f98SSadaf Ebrahimi 1447*62c56f98SSadaf Ebrahimi USE_PSA_INIT(); 1448*62c56f98SSadaf Ebrahimi 1449*62c56f98SSadaf Ebrahimi memset(num_buf, 0x2a, sizeof(num_buf)); 1450*62c56f98SSadaf Ebrahimi 1451*62c56f98SSadaf Ebrahimi oid.tag = MBEDTLS_ASN1_OID; 1452*62c56f98SSadaf Ebrahimi oid.p = oid_buf->x; 1453*62c56f98SSadaf Ebrahimi oid.len = oid_buf->len; 1454*62c56f98SSadaf Ebrahimi 1455*62c56f98SSadaf Ebrahimi TEST_ASSERT((size_t) blen <= sizeof(num_buf)); 1456*62c56f98SSadaf Ebrahimi 1457*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_oid_get_numeric_string(num_buf, blen, &oid), ret); 1458*62c56f98SSadaf Ebrahimi 1459*62c56f98SSadaf Ebrahimi if (ret >= 0) { 1460*62c56f98SSadaf Ebrahimi TEST_EQUAL(num_buf[ret], 0); 1461*62c56f98SSadaf Ebrahimi TEST_EQUAL(strcmp(num_buf, numstr), 0); 1462*62c56f98SSadaf Ebrahimi } 1463*62c56f98SSadaf Ebrahimi 1464*62c56f98SSadaf Ebrahimiexit: 1465*62c56f98SSadaf Ebrahimi USE_PSA_DONE(); 1466*62c56f98SSadaf Ebrahimi} 1467*62c56f98SSadaf Ebrahimi/* END_CASE */ 1468*62c56f98SSadaf Ebrahimi 1469*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 1470*62c56f98SSadaf Ebrahimivoid x509_check_key_usage(char *crt_file, int usage, int ret) 1471*62c56f98SSadaf Ebrahimi{ 1472*62c56f98SSadaf Ebrahimi mbedtls_x509_crt crt; 1473*62c56f98SSadaf Ebrahimi 1474*62c56f98SSadaf Ebrahimi mbedtls_x509_crt_init(&crt); 1475*62c56f98SSadaf Ebrahimi USE_PSA_INIT(); 1476*62c56f98SSadaf Ebrahimi 1477*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); 1478*62c56f98SSadaf Ebrahimi 1479*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_x509_crt_check_key_usage(&crt, usage), ret); 1480*62c56f98SSadaf Ebrahimi 1481*62c56f98SSadaf Ebrahimiexit: 1482*62c56f98SSadaf Ebrahimi mbedtls_x509_crt_free(&crt); 1483*62c56f98SSadaf Ebrahimi USE_PSA_DONE(); 1484*62c56f98SSadaf Ebrahimi} 
1485*62c56f98SSadaf Ebrahimi/* END_CASE */ 1486*62c56f98SSadaf Ebrahimi 1487*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ 1488*62c56f98SSadaf Ebrahimivoid x509_check_extended_key_usage(char *crt_file, data_t *oid, int ret 1489*62c56f98SSadaf Ebrahimi ) 1490*62c56f98SSadaf Ebrahimi{ 1491*62c56f98SSadaf Ebrahimi mbedtls_x509_crt crt; 1492*62c56f98SSadaf Ebrahimi 1493*62c56f98SSadaf Ebrahimi mbedtls_x509_crt_init(&crt); 1494*62c56f98SSadaf Ebrahimi USE_PSA_INIT(); 1495*62c56f98SSadaf Ebrahimi 1496*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); 1497*62c56f98SSadaf Ebrahimi 1498*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x, oid->len), 1499*62c56f98SSadaf Ebrahimi ret); 1500*62c56f98SSadaf Ebrahimi 1501*62c56f98SSadaf Ebrahimiexit: 1502*62c56f98SSadaf Ebrahimi mbedtls_x509_crt_free(&crt); 1503*62c56f98SSadaf Ebrahimi USE_PSA_DONE(); 1504*62c56f98SSadaf Ebrahimi} 1505*62c56f98SSadaf Ebrahimi/* END_CASE */ 1506*62c56f98SSadaf Ebrahimi 1507*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ 1508*62c56f98SSadaf Ebrahimivoid x509_get_time(int tag, char *time_str, int ret, int year, int mon, 1509*62c56f98SSadaf Ebrahimi int day, int hour, int min, int sec) 1510*62c56f98SSadaf Ebrahimi{ 1511*62c56f98SSadaf Ebrahimi mbedtls_x509_time time; 1512*62c56f98SSadaf Ebrahimi unsigned char buf[21]; 1513*62c56f98SSadaf Ebrahimi unsigned char *start = buf; 1514*62c56f98SSadaf Ebrahimi unsigned char *end = buf; 1515*62c56f98SSadaf Ebrahimi 1516*62c56f98SSadaf Ebrahimi USE_PSA_INIT(); 1517*62c56f98SSadaf Ebrahimi memset(&time, 0x00, sizeof(time)); 1518*62c56f98SSadaf Ebrahimi *end = (unsigned char) tag; end++; 1519*62c56f98SSadaf Ebrahimi *end = strlen(time_str); 1520*62c56f98SSadaf Ebrahimi TEST_ASSERT(*end < 20); 1521*62c56f98SSadaf Ebrahimi end++; 1522*62c56f98SSadaf Ebrahimi memcpy(end, time_str, (size_t) *(end - 1)); 
1523*62c56f98SSadaf Ebrahimi end += *(end - 1); 1524*62c56f98SSadaf Ebrahimi 1525*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_x509_get_time(&start, end, &time), ret); 1526*62c56f98SSadaf Ebrahimi if (ret == 0) { 1527*62c56f98SSadaf Ebrahimi TEST_EQUAL(year, time.year); 1528*62c56f98SSadaf Ebrahimi TEST_EQUAL(mon, time.mon); 1529*62c56f98SSadaf Ebrahimi TEST_EQUAL(day, time.day); 1530*62c56f98SSadaf Ebrahimi TEST_EQUAL(hour, time.hour); 1531*62c56f98SSadaf Ebrahimi TEST_EQUAL(min, time.min); 1532*62c56f98SSadaf Ebrahimi TEST_EQUAL(sec, time.sec); 1533*62c56f98SSadaf Ebrahimi } 1534*62c56f98SSadaf Ebrahimiexit: 1535*62c56f98SSadaf Ebrahimi USE_PSA_DONE(); 1536*62c56f98SSadaf Ebrahimi} 1537*62c56f98SSadaf Ebrahimi/* END_CASE */ 1538*62c56f98SSadaf Ebrahimi 1539*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */ 1540*62c56f98SSadaf Ebrahimivoid x509_parse_rsassa_pss_params(data_t *params, int params_tag, 1541*62c56f98SSadaf Ebrahimi int ref_msg_md, int ref_mgf_md, 1542*62c56f98SSadaf Ebrahimi int ref_salt_len, int ref_ret) 1543*62c56f98SSadaf Ebrahimi{ 1544*62c56f98SSadaf Ebrahimi int my_ret; 1545*62c56f98SSadaf Ebrahimi mbedtls_x509_buf buf; 1546*62c56f98SSadaf Ebrahimi mbedtls_md_type_t my_msg_md, my_mgf_md; 1547*62c56f98SSadaf Ebrahimi int my_salt_len; 1548*62c56f98SSadaf Ebrahimi 1549*62c56f98SSadaf Ebrahimi USE_PSA_INIT(); 1550*62c56f98SSadaf Ebrahimi 1551*62c56f98SSadaf Ebrahimi buf.p = params->x; 1552*62c56f98SSadaf Ebrahimi buf.len = params->len; 1553*62c56f98SSadaf Ebrahimi buf.tag = params_tag; 1554*62c56f98SSadaf Ebrahimi 1555*62c56f98SSadaf Ebrahimi my_ret = mbedtls_x509_get_rsassa_pss_params(&buf, &my_msg_md, &my_mgf_md, 1556*62c56f98SSadaf Ebrahimi &my_salt_len); 1557*62c56f98SSadaf Ebrahimi 1558*62c56f98SSadaf Ebrahimi TEST_EQUAL(my_ret, ref_ret); 1559*62c56f98SSadaf Ebrahimi 1560*62c56f98SSadaf Ebrahimi if (ref_ret == 0) { 1561*62c56f98SSadaf Ebrahimi TEST_EQUAL(my_msg_md, (mbedtls_md_type_t) 
ref_msg_md); 1562*62c56f98SSadaf Ebrahimi TEST_EQUAL(my_mgf_md, (mbedtls_md_type_t) ref_mgf_md); 1563*62c56f98SSadaf Ebrahimi TEST_EQUAL(my_salt_len, ref_salt_len); 1564*62c56f98SSadaf Ebrahimi } 1565*62c56f98SSadaf Ebrahimi 1566*62c56f98SSadaf Ebrahimiexit: 1567*62c56f98SSadaf Ebrahimi USE_PSA_DONE(); 1568*62c56f98SSadaf Ebrahimi} 1569*62c56f98SSadaf Ebrahimi/* END_CASE */ 1570*62c56f98SSadaf Ebrahimi 1571*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ 1572*62c56f98SSadaf Ebrahimivoid x509_crt_parse_subjectkeyid(char *file, data_t *subjectKeyId, int ref_ret) 1573*62c56f98SSadaf Ebrahimi{ 1574*62c56f98SSadaf Ebrahimi mbedtls_x509_crt crt; 1575*62c56f98SSadaf Ebrahimi 1576*62c56f98SSadaf Ebrahimi mbedtls_x509_crt_init(&crt); 1577*62c56f98SSadaf Ebrahimi 1578*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret); 1579*62c56f98SSadaf Ebrahimi 1580*62c56f98SSadaf Ebrahimi if (ref_ret == 0) { 1581*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.subject_key_id.tag, MBEDTLS_ASN1_OCTET_STRING); 1582*62c56f98SSadaf Ebrahimi TEST_EQUAL(memcmp(crt.subject_key_id.p, subjectKeyId->x, subjectKeyId->len), 0); 1583*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.subject_key_id.len, subjectKeyId->len); 1584*62c56f98SSadaf Ebrahimi } else { 1585*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.subject_key_id.tag, 0); 1586*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.subject_key_id.len, 0); 1587*62c56f98SSadaf Ebrahimi } 1588*62c56f98SSadaf Ebrahimi 1589*62c56f98SSadaf Ebrahimiexit: 1590*62c56f98SSadaf Ebrahimi mbedtls_x509_crt_free(&crt); 1591*62c56f98SSadaf Ebrahimi} 1592*62c56f98SSadaf Ebrahimi/* END_CASE */ 1593*62c56f98SSadaf Ebrahimi 1594*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ 1595*62c56f98SSadaf Ebrahimivoid x509_crt_parse_authoritykeyid(char *file, 1596*62c56f98SSadaf Ebrahimi data_t *keyId, 1597*62c56f98SSadaf Ebrahimi char *authorityKeyId_issuer, 1598*62c56f98SSadaf Ebrahimi data_t 
*serial, 1599*62c56f98SSadaf Ebrahimi int ref_ret) 1600*62c56f98SSadaf Ebrahimi{ 1601*62c56f98SSadaf Ebrahimi mbedtls_x509_crt crt; 1602*62c56f98SSadaf Ebrahimi mbedtls_x509_subject_alternative_name san; 1603*62c56f98SSadaf Ebrahimi char name_buf[128]; 1604*62c56f98SSadaf Ebrahimi 1605*62c56f98SSadaf Ebrahimi mbedtls_x509_crt_init(&crt); 1606*62c56f98SSadaf Ebrahimi 1607*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret); 1608*62c56f98SSadaf Ebrahimi 1609*62c56f98SSadaf Ebrahimi if (ref_ret == 0) { 1610*62c56f98SSadaf Ebrahimi /* KeyId test */ 1611*62c56f98SSadaf Ebrahimi if (keyId->len > 0) { 1612*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, MBEDTLS_ASN1_OCTET_STRING); 1613*62c56f98SSadaf Ebrahimi TEST_EQUAL(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len), 0); 1614*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, keyId->len); 1615*62c56f98SSadaf Ebrahimi } else { 1616*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, 0); 1617*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, 0); 1618*62c56f98SSadaf Ebrahimi } 1619*62c56f98SSadaf Ebrahimi 1620*62c56f98SSadaf Ebrahimi 1621*62c56f98SSadaf Ebrahimi /* Issuer test */ 1622*62c56f98SSadaf Ebrahimi if (strlen(authorityKeyId_issuer) > 0) { 1623*62c56f98SSadaf Ebrahimi mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer; 1624*62c56f98SSadaf Ebrahimi 1625*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san), 0); 1626*62c56f98SSadaf Ebrahimi 1627*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_x509_dn_gets(name_buf, sizeof(name_buf), 1628*62c56f98SSadaf Ebrahimi &san.san.directory_name) 1629*62c56f98SSadaf Ebrahimi > 0); 1630*62c56f98SSadaf Ebrahimi TEST_EQUAL(strcmp(name_buf, authorityKeyId_issuer), 0); 1631*62c56f98SSadaf Ebrahimi 1632*62c56f98SSadaf Ebrahimi mbedtls_x509_free_subject_alt_name(&san); 
1633*62c56f98SSadaf Ebrahimi } 1634*62c56f98SSadaf Ebrahimi 1635*62c56f98SSadaf Ebrahimi /* Serial test */ 1636*62c56f98SSadaf Ebrahimi if (serial->len > 0) { 1637*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, 1638*62c56f98SSadaf Ebrahimi MBEDTLS_ASN1_INTEGER); 1639*62c56f98SSadaf Ebrahimi TEST_EQUAL(memcmp(crt.authority_key_id.authorityCertSerialNumber.p, 1640*62c56f98SSadaf Ebrahimi serial->x, serial->len), 0); 1641*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, serial->len); 1642*62c56f98SSadaf Ebrahimi } else { 1643*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, 0); 1644*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, 0); 1645*62c56f98SSadaf Ebrahimi } 1646*62c56f98SSadaf Ebrahimi 1647*62c56f98SSadaf Ebrahimi } else { 1648*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, 0); 1649*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, 0); 1650*62c56f98SSadaf Ebrahimi 1651*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, 0); 1652*62c56f98SSadaf Ebrahimi TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, 0); 1653*62c56f98SSadaf Ebrahimi } 1654*62c56f98SSadaf Ebrahimi 1655*62c56f98SSadaf Ebrahimiexit: 1656*62c56f98SSadaf Ebrahimi mbedtls_x509_crt_free(&crt); 1657*62c56f98SSadaf Ebrahimi} 1658*62c56f98SSadaf Ebrahimi/* END_CASE */ 1659