mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-11 04:55:41 +00:00
Add concurrent X.509 CRT verification test
This commit enhances the X.509 parsing test suite by a test which exercises multiple threads concurrently verifying the same certificate with the same set of trusted roots.
This commit is contained in:
parent
4b70e12dde
commit
fd8b7bd63f
|
@ -2554,3 +2554,23 @@ x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.c
|
||||||
X509 CRT verify restart: one int, int badsign, max_ops=500
|
X509 CRT verify restart: one int, int badsign, max_ops=500
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
|
||||||
x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
|
x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
|
||||||
|
|
||||||
|
X509 CRT concurrent verification #1 (RSA cert, RSA CA)
|
||||||
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
||||||
|
x509_verify_thread:"data_files/server1.crt":"data_files/test-ca.crt":0:0:100:10
|
||||||
|
|
||||||
|
X509 CRT concurrent verification #2 (EC cert, RSA CA)
|
||||||
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
||||||
|
x509_verify_thread:"data_files/server3.crt":"data_files/test-ca.crt":0:0:100:10
|
||||||
|
|
||||||
|
X509 CRT concurrent verification #3 (RSA cert, EC CA)
|
||||||
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
|
x509_verify_thread:"data_files/server4.crt":"data_files/test-ca2.crt":0:0:100:10
|
||||||
|
|
||||||
|
X509 CRT concurrent verification #4 (EC cert, EC CA)
|
||||||
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
|
x509_verify_thread:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:100:10
|
||||||
|
|
||||||
|
X509 CRT concurrent verification #5 (RSA cert, RSA CA, RSASSA-PSS)
|
||||||
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
|
||||||
|
x509_verify_thread:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":0:0:100:10
|
||||||
|
|
|
@ -58,6 +58,44 @@ const mbedtls_x509_crt_profile profile_sha512 =
|
||||||
1024,
|
1024,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
typedef struct
|
||||||
|
{
|
||||||
|
mbedtls_x509_crt *crt;
|
||||||
|
mbedtls_x509_crt *ca;
|
||||||
|
uint32_t expected_flags;
|
||||||
|
unsigned id;
|
||||||
|
int expected_result;
|
||||||
|
int iter_total;
|
||||||
|
int result;
|
||||||
|
} x509_verify_thread_ctx;
|
||||||
|
|
||||||
|
void* x509_verify_thread_worker( void *p )
|
||||||
|
{
|
||||||
|
unsigned iter_cnt;
|
||||||
|
x509_verify_thread_ctx *ctx = (x509_verify_thread_ctx *) p;
|
||||||
|
|
||||||
|
for( iter_cnt=0; iter_cnt < (unsigned) ctx->iter_total; iter_cnt++ )
|
||||||
|
{
|
||||||
|
uint32_t flags;
|
||||||
|
int res;
|
||||||
|
|
||||||
|
res = mbedtls_x509_crt_verify_with_profile( ctx->crt, ctx->ca,
|
||||||
|
NULL, &compat_profile,
|
||||||
|
NULL, &flags, NULL, NULL );
|
||||||
|
if( res != ctx->expected_result ||
|
||||||
|
flags != ctx->expected_flags )
|
||||||
|
{
|
||||||
|
ctx->result = 1;
|
||||||
|
pthread_exit( NULL );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx->result = 0;
|
||||||
|
pthread_exit( NULL );
|
||||||
|
return( NULL );
|
||||||
|
}
|
||||||
|
|
||||||
int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
|
int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
|
||||||
{
|
{
|
||||||
((void) data);
|
((void) data);
|
||||||
|
@ -352,6 +390,62 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
void x509_verify_thread( char *crt_file, char *ca_file,
|
||||||
|
int result, int flags_result,
|
||||||
|
int thread_total,
|
||||||
|
int iterations_per_thread )
|
||||||
|
{
|
||||||
|
x509_verify_thread_ctx *thread_ctx;
|
||||||
|
pthread_t *threads;
|
||||||
|
int cur_thread;
|
||||||
|
|
||||||
|
mbedtls_x509_crt crt;
|
||||||
|
mbedtls_x509_crt ca;
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
TEST_ASSERT( psa_crypto_init() == 0 );
|
||||||
|
#endif
|
||||||
|
|
||||||
|
mbedtls_x509_crt_init( &crt );
|
||||||
|
mbedtls_x509_crt_init( &ca );
|
||||||
|
threads = mbedtls_calloc( thread_total, sizeof( pthread_t ) );
|
||||||
|
thread_ctx = mbedtls_calloc( thread_total, sizeof( x509_verify_thread_ctx ) );
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
|
||||||
|
TEST_ASSERT( threads != NULL );
|
||||||
|
|
||||||
|
/* Start all verify threads */
|
||||||
|
for( cur_thread = 0; cur_thread < thread_total; cur_thread++ )
|
||||||
|
{
|
||||||
|
thread_ctx[ cur_thread ].id = (unsigned) cur_thread;
|
||||||
|
thread_ctx[ cur_thread ].ca = &ca;
|
||||||
|
thread_ctx[ cur_thread ].crt = &crt;
|
||||||
|
thread_ctx[ cur_thread ].expected_result = result;
|
||||||
|
thread_ctx[ cur_thread ].expected_flags = flags_result;
|
||||||
|
thread_ctx[ cur_thread ].iter_total = iterations_per_thread;
|
||||||
|
TEST_ASSERT( pthread_create( &threads[ cur_thread ], NULL,
|
||||||
|
&x509_verify_thread_worker,
|
||||||
|
&thread_ctx[ cur_thread ] ) == 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Wait for all threads to complete */
|
||||||
|
for( cur_thread = 0; cur_thread < thread_total; cur_thread++ )
|
||||||
|
TEST_ASSERT( pthread_join( threads[ cur_thread ], NULL ) == 0 );
|
||||||
|
|
||||||
|
/* Check their results */
|
||||||
|
for( cur_thread = 0; cur_thread < thread_total; cur_thread++ )
|
||||||
|
TEST_ASSERT( thread_ctx[ cur_thread ].result == 0 );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_free( threads );
|
||||||
|
mbedtls_free( thread_ctx );
|
||||||
|
mbedtls_x509_crt_free( &crt );
|
||||||
|
mbedtls_x509_crt_free( &ca );
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
|
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
|
||||||
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
|
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
|
||||||
char *cn_name_str, int result, int flags_result,
|
char *cn_name_str, int result, int flags_result,
|
||||||
|
|
Loading…
Reference in a new issue