Refactor certificates and keys in ssl handshake mock tests

Let the caller decide what certificates and keys are loaded (EC/RSA) instead of loading both for the server, and an unspecified one for the client. Use only DER encoding.
2025-01-23 14:11:08 +00:00 · 2020-02-02 19:25:26 -05:00 · 2020-02-02 19:25:26 -05:00 · b29807413e
parent 2a1f178d7c
commit b29807413e
1 changed files with 58 additions and 50 deletions
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -629,9 +629,7 @@ typedef struct mbedtls_endpoint_certificate
 {
    mbedtls_x509_crt ca_cert;
    mbedtls_x509_crt cert;
    mbedtls_x509_crt cert2;
    mbedtls_pk_context pkey;
    mbedtls_pk_context pkey2;
 } mbedtls_endpoint_certificate;
 /*
@ -654,7 +652,7 @@ typedef struct mbedtls_endpoint
 *
 * \retval  0 on success, otherwise error code.
 */
-int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep )
+int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
 {
    int i = 0;
    int ret = -1;
@ -668,9 +666,7 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep )
    cert = &( ep->cert );
    mbedtls_x509_crt_init( &( cert->ca_cert ) );
    mbedtls_x509_crt_init( &( cert->cert ) );
    mbedtls_x509_crt_init( &( cert->cert2 ) );
    mbedtls_pk_init( &( cert->pkey ) );
    mbedtls_pk_init( &( cert->pkey2 ) );
    /* Load the trusted CA */
@ -694,58 +690,71 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep )
    if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
    {
-        ret = mbedtls_x509_crt_parse( &( cert->cert ),
+        if( pk_alg == MBEDTLS_PK_RSA )
-                            (const unsigned char *) mbedtls_test_srv_crt_rsa,
+        {
-                            mbedtls_test_srv_crt_rsa_len );
+            ret = mbedtls_x509_crt_parse( &( cert->cert ),
-        TEST_ASSERT( ret == 0 );
+                    (const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
                    mbedtls_test_srv_crt_rsa_sha256_der_len );
            TEST_ASSERT( ret == 0 );
-        ret = mbedtls_pk_parse_key( &( cert->pkey ),
+            ret = mbedtls_pk_parse_key( &( cert->pkey ),
-                            (const unsigned char *) mbedtls_test_srv_key_rsa,
+                            (const unsigned char*) mbedtls_test_srv_key_rsa_der,
-                            mbedtls_test_srv_key_rsa_len, NULL, 0 );
+                            mbedtls_test_srv_key_rsa_der_len, NULL, 0 );
-        TEST_ASSERT( ret == 0 );
+            TEST_ASSERT( ret == 0 );
        }
        else
        {
            ret = mbedtls_x509_crt_parse( &( cert->cert ),
                            (const unsigned char*) mbedtls_test_srv_crt_ec_der,
                            mbedtls_test_srv_crt_ec_der_len );
            TEST_ASSERT( ret == 0 );
-        ret = mbedtls_x509_crt_parse( &( cert->cert2 ),
+            ret = mbedtls_pk_parse_key( &( cert->pkey ),
-                            (const unsigned char *) mbedtls_test_srv_crt_ec,
+                            (const unsigned char*) mbedtls_test_srv_key_ec_der,
-                            mbedtls_test_srv_crt_ec_len );
+                            mbedtls_test_srv_key_ec_der_len, NULL, 0 );
-        TEST_ASSERT( ret == 0 );
+            TEST_ASSERT( ret == 0 );
-
+        }
        ret = mbedtls_pk_parse_key( &( cert->pkey2 ),
                            (const unsigned char *) mbedtls_test_srv_key_ec,
                            mbedtls_test_srv_key_ec_len, NULL, 0 );
        TEST_ASSERT( ret == 0 );
    }
    else
    {
-        ret = mbedtls_x509_crt_parse( &( cert->cert ),
+        if( pk_alg == MBEDTLS_PK_RSA )
-                            (const unsigned char *) mbedtls_test_cli_crt,
+        {
-                            mbedtls_test_cli_crt_len );
+            ret = mbedtls_x509_crt_parse( &( cert->cert ),
-        TEST_ASSERT( ret == 0 );
+                          (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
                          mbedtls_test_cli_crt_rsa_der_len );
            TEST_ASSERT( ret == 0 );
-        ret = mbedtls_pk_parse_key( &( cert->pkey ),
+            ret = mbedtls_pk_parse_key( &( cert->pkey ),
-                            (const unsigned char *) mbedtls_test_cli_key,
+                          (const unsigned char *) mbedtls_test_cli_key_rsa_der,
-                            mbedtls_test_cli_key_len, NULL, 0 );
+                          mbedtls_test_cli_key_rsa_der_len, NULL, 0 );
-        TEST_ASSERT( ret == 0 );
+            TEST_ASSERT( ret == 0 );
        }
        else
        {
            ret = mbedtls_x509_crt_parse( &( cert->cert ),
                          (const unsigned char *) mbedtls_test_cli_crt_ec_der,
                          mbedtls_test_cli_crt_ec_len );
            TEST_ASSERT( ret == 0 );
            ret = mbedtls_pk_parse_key( &( cert->pkey ),
                          (const unsigned char *) mbedtls_test_cli_key_ec_der,
                          mbedtls_test_cli_key_ec_der_len, NULL, 0 );
            TEST_ASSERT( ret == 0 );
        }
    }
    mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
-    ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ), &( cert->pkey ) );
+    ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
                                     &( cert->pkey ) );
    TEST_ASSERT( ret == 0 );
    if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
    {
        ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert2 ), &( cert->pkey2 ) );
        TEST_ASSERT( ret == 0 );
    }
 exit:
    if( ret != 0 )
    {
        mbedtls_x509_crt_free( &( cert->ca_cert ) );
        mbedtls_x509_crt_free( &( cert->cert ) );
        mbedtls_x509_crt_free( &( cert->cert2 ) );
        mbedtls_pk_free( &( cert->pkey ) );
        mbedtls_pk_free( &( cert->pkey2 ) );
    }
    return ret;
@ -760,7 +769,7 @@ exit:
 *
 * \retval  0 on success, otherwise error code.
 */
-int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type )
+int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg )
 {
    int ret = -1;
@ -801,7 +810,7 @@ int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type )
                                        MBEDTLS_SSL_PRESET_DEFAULT );
    TEST_ASSERT( ret == 0 );
-    ret = mbedtls_endpoint_certificate_init( ep );
+    ret = mbedtls_endpoint_certificate_init( ep, pk_alg );
    TEST_ASSERT( ret == 0 );
 exit:
@ -816,9 +825,7 @@ void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
    mbedtls_endpoint_certificate *cert = &( ep->cert );
    mbedtls_x509_crt_free( &( cert->ca_cert ) );
    mbedtls_x509_crt_free( &( cert->cert ) );
    mbedtls_x509_crt_free( &( cert->cert2 ) );
    mbedtls_pk_free( &( cert->pkey ) );
    mbedtls_pk_free( &( cert->pkey2 ) );
 }
 /*
@ -2916,20 +2923,20 @@ void ssl_session_serialize_version_check( int corrupt_major,
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO */
 void mbedtls_endpoint_sanity( int endpoint_type )
 {
    enum { BUFFSIZE = 1024 };
    mbedtls_endpoint ep;
    int ret = -1;
-    ret = mbedtls_endpoint_init( NULL, endpoint_type );
+    ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA );
    TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
-    ret = mbedtls_endpoint_certificate_init( NULL );
+    ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
    TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
-    ret = mbedtls_endpoint_init( &ep, endpoint_type );
+    ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA );
    TEST_ASSERT( ret == 0 );
 exit:
@ -2937,19 +2944,20 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
 void move_handshake_to_state(int endpoint_type, int state, int need_pass)
 {
    enum { BUFFSIZE = 1024 };
    mbedtls_endpoint base_ep, second_ep;
    int ret = -1;
-    ret = mbedtls_endpoint_init( &base_ep, endpoint_type );
+    ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA );
    TEST_ASSERT( ret == 0 );
    ret = mbedtls_endpoint_init( &second_ep,
                            ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
-                            MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER );
+                            MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
                                 MBEDTLS_PK_RSA );
    TEST_ASSERT( ret == 0 );
    ret = mbedtls_mock_socket_connect( &(base_ep.socket),