mbedtls/tests/suites/test_suite_x509parse.function
Manuel Pégourié-Gonnard 05e464dff7 Merge branch 'development' into iotssl-1381-x509-verify-refactor-restricted
* development: (557 commits)
  Add attribution for #1351 report
  Adapt version_features.c
  Note incompatibility of truncated HMAC extension in ChangeLog
  Add LinkLibraryDependencies to VS2010 app template
  Add ChangeLog entry for PR #1382
  MD: Make deprecated functions not inline
  Add ChangeLog entry for PR #1384
  Have Visual Studio handle linking to mbedTLS.lib internally
  Mention in ChangeLog that this fixes #1351
  Add issue number to ChangeLog
  Note in the changelog that this fixes an interoperability issue.
  Style fix in ChangeLog
  Add ChangeLog entries for PR #1168 and #1362
  Add ChangeLog entry for PR #1165
  ctr_drbg: Typo fix in the file description comment.
  dhm: Fix typo in RFC 5114 constants
  tests_suite_pkparse: new PKCS8-v2 keys with PRF != SHA1
  data_files/pkcs8-v2: add keys generated with PRF != SHA1
  tests/pkcs5/pbkdf2_hmac: extend array to accommodate longer results
  tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA algorithms
  ...
2018-03-05 11:55:38 +01:00

790 lines
22 KiB
Plaintext

/* BEGIN_HEADER */
#include "mbedtls/x509.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_crl.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
#include "mbedtls/base64.h"
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
than the current threshold 19. To test larger values, please \
adapt the script tests/data_files/dir-max/long.sh."
#endif
/* Profile for backward compatibility. Allows SHA-1, unlike the default
profile. */
const mbedtls_x509_crt_profile compat_profile =
{
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
0xFFFFFFF, /* Any PK alg */
0xFFFFFFF, /* Any curve */
1024,
};
const mbedtls_x509_crt_profile profile_rsa3072 =
{
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ),
0,
3072,
};
const mbedtls_x509_crt_profile profile_sha512 =
{
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
0xFFFFFFF, /* Any PK alg */
0xFFFFFFF, /* Any curve */
1024,
};
int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
{
((void) data);
((void) crt);
((void) certificate_depth);
*flags |= MBEDTLS_X509_BADCERT_OTHER;
return 0;
}
int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
{
((void) data);
((void) crt);
((void) certificate_depth);
*flags = 0;
return 0;
}
int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
{
int *levels = (int *) data;
((void) crt);
((void) certificate_depth);
/* Simulate a fatal error in the callback */
if( *levels & ( 1 << certificate_depth ) )
{
*flags |= ( 1 << certificate_depth );
return( -1 - certificate_depth );
}
return( 0 );
}
/* strsep() not available on Windows */
char *mystrsep(char **stringp, const char *delim)
{
const char *p;
char *ret = *stringp;
if( *stringp == NULL )
return( NULL );
for( ; ; (*stringp)++ )
{
if( **stringp == '\0' )
{
*stringp = NULL;
goto done;
}
for( p = delim; *p != '\0'; p++ )
if( **stringp == *p )
{
**stringp = '\0';
(*stringp)++;
goto done;
}
}
done:
return( ret );
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
typedef struct {
char buf[512];
char *p;
} verify_print_context;
void verify_print_init( verify_print_context *ctx )
{
memset( ctx, 0, sizeof( verify_print_context ) );
ctx->p = ctx->buf;
}
int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
{
int ret;
verify_print_context *ctx = (verify_print_context *) data;
char *p = ctx->p;
size_t n = ctx->buf + sizeof( ctx->buf ) - ctx->p;
((void) flags);
ret = mbedtls_snprintf( p, n, "depth %d - serial ", certificate_depth );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, " - subject " );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, " - flags 0x%08x\n", *flags );
MBEDTLS_X509_SAFE_SNPRINTF;
ctx->p = p;
return( 0 );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_BIGNUM_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_cert_info( char *crt_file, char *result_str )
{
mbedtls_x509_crt crt;
char buf[2000];
int res;
mbedtls_x509_crt_init( &crt );
memset( buf, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
res = mbedtls_x509_crt_info( buf, 2000, "", &crt );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
void mbedtls_x509_crl_info( char *crl_file, char *result_str )
{
mbedtls_x509_crl crl;
char buf[2000];
int res;
mbedtls_x509_crl_init( &crl );
memset( buf, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
res = mbedtls_x509_crl_info( buf, 2000, "", &crl );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
exit:
mbedtls_x509_crl_free( &crl );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
void mbedtls_x509_crl_parse( char *crl_file, int result )
{
mbedtls_x509_crl crl;
char buf[2000];
mbedtls_x509_crl_init( &crl );
memset( buf, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == result );
exit:
mbedtls_x509_crl_free( &crl );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */
void mbedtls_x509_csr_info( char *csr_file, char *result_str )
{
mbedtls_x509_csr csr;
char buf[2000];
int res;
mbedtls_x509_csr_init( &csr );
memset( buf, 0, 2000 );
TEST_ASSERT( mbedtls_x509_csr_parse_file( &csr, csr_file ) == 0 );
res = mbedtls_x509_csr_info( buf, 2000, "", &csr );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
exit:
mbedtls_x509_csr_free( &csr );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void x509_verify_info( int flags, char *prefix, char *result_str )
{
char buf[2000];
int res;
memset( buf, 0, sizeof( buf ) );
res = mbedtls_x509_crt_verify_info( buf, sizeof( buf ), prefix, flags );
TEST_ASSERT( res >= 0 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
char *cn_name_str, int result, int flags_result,
char *profile_str,
char *verify_callback )
{
mbedtls_x509_crt crt;
mbedtls_x509_crt ca;
mbedtls_x509_crl crl;
uint32_t flags = 0;
int res;
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
char * cn_name = NULL;
const mbedtls_x509_crt_profile *profile;
mbedtls_x509_crt_init( &crt );
mbedtls_x509_crt_init( &ca );
mbedtls_x509_crl_init( &crl );
if( strcmp( cn_name_str, "NULL" ) != 0 )
cn_name = cn_name_str;
if( strcmp( profile_str, "" ) == 0 )
profile = &mbedtls_x509_crt_profile_default;
else if( strcmp( profile_str, "next" ) == 0 )
profile = &mbedtls_x509_crt_profile_next;
else if( strcmp( profile_str, "suite_b" ) == 0 )
profile = &mbedtls_x509_crt_profile_suiteb;
else if( strcmp( profile_str, "compat" ) == 0 )
profile = &compat_profile;
else
TEST_ASSERT( "Unknown algorithm profile" == 0 );
if( strcmp( verify_callback, "NULL" ) == 0 )
f_vrfy = NULL;
else if( strcmp( verify_callback, "verify_none" ) == 0 )
f_vrfy = verify_none;
else if( strcmp( verify_callback, "verify_all" ) == 0 )
f_vrfy = verify_all;
else
TEST_ASSERT( "No known verify callback selected" == 0 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL );
TEST_ASSERT( res == ( result ) );
TEST_ASSERT( flags == (uint32_t)( flags_result ) );
exit:
mbedtls_x509_crt_free( &crt );
mbedtls_x509_crt_free( &ca );
mbedtls_x509_crl_free( &crl );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_verify_callback( char *crt_file, char *ca_file, char *name,
int exp_ret, char *exp_vrfy_out )
{
int ret;
mbedtls_x509_crt crt;
mbedtls_x509_crt ca;
uint32_t flags = 0;
verify_print_context vrfy_ctx;
mbedtls_x509_crt_init( &crt );
mbedtls_x509_crt_init( &ca );
verify_print_init( &vrfy_ctx );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
if( strcmp( name, "NULL" ) == 0 )
name = NULL;
ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL,
&compat_profile,
name, &flags,
verify_print, &vrfy_ctx );
TEST_ASSERT( ret == exp_ret );
TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );
exit:
mbedtls_x509_crt_free( &crt );
mbedtls_x509_crt_free( &ca );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_dn_gets( char *crt_file, char *entity, char *result_str )
{
mbedtls_x509_crt crt;
char buf[2000];
int res = 0;
mbedtls_x509_crt_init( &crt );
memset( buf, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
if( strcmp( entity, "subject" ) == 0 )
res = mbedtls_x509_dn_gets( buf, 2000, &crt.subject );
else if( strcmp( entity, "issuer" ) == 0 )
res = mbedtls_x509_dn_gets( buf, 2000, &crt.issuer );
else
TEST_ASSERT( "Unknown entity" == 0 );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_time_is_past( char *crt_file, char *entity, int result )
{
mbedtls_x509_crt crt;
mbedtls_x509_crt_init( &crt );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
if( strcmp( entity, "valid_from" ) == 0 )
TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_from ) == result );
else if( strcmp( entity, "valid_to" ) == 0 )
TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_to ) == result );
else
TEST_ASSERT( "Unknown entity" == 0 );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_time_is_future( char *crt_file, char *entity, int result )
{
mbedtls_x509_crt crt;
mbedtls_x509_crt_init( &crt );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
if( strcmp( entity, "valid_from" ) == 0 )
TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_from ) == result );
else if( strcmp( entity, "valid_to" ) == 0 )
TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_to ) == result );
else
TEST_ASSERT( "Unknown entity" == 0 );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
void x509parse_crt_file( char *crt_file, int result )
{
mbedtls_x509_crt crt;
mbedtls_x509_crt_init( &crt );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == result );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void x509parse_crt( char *crt_data, char *result_str, int result )
{
mbedtls_x509_crt crt;
unsigned char buf[2000];
unsigned char output[2000];
int data_len, res;
mbedtls_x509_crt_init( &crt );
memset( buf, 0, 2000 );
memset( output, 0, 2000 );
data_len = unhexify( buf, crt_data );
TEST_ASSERT( mbedtls_x509_crt_parse( &crt, buf, data_len ) == ( result ) );
if( ( result ) == 0 )
{
res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
}
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */
void x509parse_crl( char *crl_data, char *result_str, int result )
{
mbedtls_x509_crl crl;
unsigned char buf[2000];
unsigned char output[2000];
int data_len, res;
mbedtls_x509_crl_init( &crl );
memset( buf, 0, 2000 );
memset( output, 0, 2000 );
data_len = unhexify( buf, crl_data );
TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf, data_len ) == ( result ) );
if( ( result ) == 0 )
{
res = mbedtls_x509_crl_info( (char *) output, 2000, "", &crl );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
}
exit:
mbedtls_x509_crl_free( &crl );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */
void mbedtls_x509_csr_parse( char *csr_der_hex, char *ref_out, int ref_ret )
{
mbedtls_x509_csr csr;
unsigned char *csr_der = NULL;
char my_out[1000];
size_t csr_der_len;
int my_ret;
mbedtls_x509_csr_init( &csr );
memset( my_out, 0, sizeof( my_out ) );
csr_der = unhexify_alloc( csr_der_hex, &csr_der_len );
my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der, csr_der_len );
TEST_ASSERT( my_ret == ref_ret );
if( ref_ret == 0 )
{
size_t my_out_len = mbedtls_x509_csr_info( my_out, sizeof( my_out ), "", &csr );
TEST_ASSERT( my_out_len == strlen( ref_out ) );
TEST_ASSERT( strcmp( my_out, ref_out ) == 0 );
}
exit:
mbedtls_x509_csr_free( &csr );
mbedtls_free( csr_der );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_crt_parse_path( char *crt_path, int ret, int nb_crt )
{
mbedtls_x509_crt chain, *cur;
int i;
mbedtls_x509_crt_init( &chain );
TEST_ASSERT( mbedtls_x509_crt_parse_path( &chain, crt_path ) == ret );
/* Check how many certs we got */
for( i = 0, cur = &chain; cur != NULL; cur = cur->next )
if( cur->raw.p != NULL )
i++;
TEST_ASSERT( i == nb_crt );
exit:
mbedtls_x509_crt_free( &chain );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int,
int ret_chk, int flags_chk )
{
char file_buf[128];
int ret;
uint32_t flags;
mbedtls_x509_crt trusted, chain;
/*
* We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
* with NN.crt signed by NN-1.crt
*/
mbedtls_x509_crt_init( &trusted );
mbedtls_x509_crt_init( &chain );
/* Load trusted root */
TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, ca_file ) == 0 );
/* Load a chain with nb_int intermediates (from 01 to nb_int),
* plus one "end-entity" cert (nb_int + 1) */
ret = mbedtls_snprintf( file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir,
nb_int + 1 );
TEST_ASSERT( ret > 0 && (size_t) ret < sizeof file_buf );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, file_buf ) == 0 );
/* Try to verify that chain */
ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags,
NULL, NULL );
TEST_ASSERT( ret == ret_chk );
TEST_ASSERT( flags == (uint32_t) flags_chk );
exit:
mbedtls_x509_crt_free( &chain );
mbedtls_x509_crt_free( &trusted );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca,
int flags_result, int result,
char *profile_name, int vrfy_fatal_lvls )
{
char* act;
uint32_t flags;
int res;
mbedtls_x509_crt trusted, chain;
const mbedtls_x509_crt_profile *profile = NULL;
mbedtls_x509_crt_init( &chain );
mbedtls_x509_crt_init( &trusted );
while( ( act = mystrsep( &chain_paths, " " ) ) != NULL )
TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, act ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 );
if( strcmp( profile_name, "" ) == 0 )
profile = &mbedtls_x509_crt_profile_default;
else if( strcmp( profile_name, "next" ) == 0 )
profile = &mbedtls_x509_crt_profile_next;
else if( strcmp( profile_name, "suiteb" ) == 0 )
profile = &mbedtls_x509_crt_profile_suiteb;
else if( strcmp( profile_name, "rsa3072" ) == 0 )
profile = &profile_rsa3072;
else if( strcmp( profile_name, "sha512" ) == 0 )
profile = &profile_sha512;
res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile,
NULL, &flags, verify_fatal, &vrfy_fatal_lvls );
TEST_ASSERT( res == ( result ) );
TEST_ASSERT( flags == (uint32_t)( flags_result ) );
exit:
mbedtls_x509_crt_free( &trusted );
mbedtls_x509_crt_free( &chain );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
void x509_oid_desc( char *oid_str, char *ref_desc )
{
mbedtls_x509_buf oid;
const char *desc = NULL;
unsigned char buf[20];
int ret;
memset( buf, 0, sizeof buf );
oid.tag = MBEDTLS_ASN1_OID;
oid.len = unhexify( buf, oid_str );
oid.p = buf;
ret = mbedtls_oid_get_extended_key_usage( &oid, &desc );
if( strcmp( ref_desc, "notfound" ) == 0 )
{
TEST_ASSERT( ret != 0 );
TEST_ASSERT( desc == NULL );
}
else
{
TEST_ASSERT( ret == 0 );
TEST_ASSERT( desc != NULL );
TEST_ASSERT( strcmp( desc, ref_desc ) == 0 );
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
void x509_oid_numstr( char *oid_str, char *numstr, int blen, int ret )
{
mbedtls_x509_buf oid;
unsigned char oid_buf[20];
char num_buf[100];
memset( oid_buf, 0x00, sizeof oid_buf );
memset( num_buf, 0x2a, sizeof num_buf );
oid.tag = MBEDTLS_ASN1_OID;
oid.len = unhexify( oid_buf, oid_str );
oid.p = oid_buf;
TEST_ASSERT( (size_t) blen <= sizeof num_buf );
TEST_ASSERT( mbedtls_oid_get_numeric_string( num_buf, blen, &oid ) == ret );
if( ret >= 0 )
{
TEST_ASSERT( num_buf[ret] == 0 );
TEST_ASSERT( strcmp( num_buf, numstr ) == 0 );
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */
void x509_check_key_usage( char *crt_file, int usage, int ret )
{
mbedtls_x509_crt crt;
mbedtls_x509_crt_init( &crt );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_check_key_usage( &crt, usage ) == ret );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
void x509_check_extended_key_usage( char *crt_file, char *usage_hex, int ret )
{
mbedtls_x509_crt crt;
char oid[50];
size_t len;
mbedtls_x509_crt_init( &crt );
len = unhexify( (unsigned char *) oid, usage_hex );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, oid, len ) == ret );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
void x509_get_time( int tag, char *time_str, int ret,
int year, int mon, int day,
int hour, int min, int sec )
{
mbedtls_x509_time time;
unsigned char buf[21];
unsigned char* start = buf;
unsigned char* end = buf;
memset( &time, 0x00, sizeof( time ) );
*end = (unsigned char)tag; end++;
*end = strlen( time_str );
TEST_ASSERT( *end < 20 );
end++;
memcpy( end, time_str, (size_t)*(end - 1) );
end += *(end - 1);
TEST_ASSERT( mbedtls_x509_get_time( &start, end, &time ) == ret );
if( ret == 0 )
{
TEST_ASSERT( year == time.year );
TEST_ASSERT( mon == time.mon );
TEST_ASSERT( day == time.day );
TEST_ASSERT( hour == time.hour );
TEST_ASSERT( min == time.min );
TEST_ASSERT( sec == time.sec );
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
void x509_parse_rsassa_pss_params( char *hex_params, int params_tag,
int ref_msg_md, int ref_mgf_md,
int ref_salt_len, int ref_ret )
{
int my_ret;
mbedtls_x509_buf params;
mbedtls_md_type_t my_msg_md, my_mgf_md;
int my_salt_len;
params.p = unhexify_alloc( hex_params, &params.len );
params.tag = params_tag;
my_ret = mbedtls_x509_get_rsassa_pss_params( &params, &my_msg_md, &my_mgf_md,
&my_salt_len );
TEST_ASSERT( my_ret == ref_ret );
if( ref_ret == 0 )
{
TEST_ASSERT( my_msg_md == (mbedtls_md_type_t) ref_msg_md );
TEST_ASSERT( my_mgf_md == (mbedtls_md_type_t) ref_mgf_md );
TEST_ASSERT( my_salt_len == ref_salt_len );
}
exit:
mbedtls_free( params.p );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */
void x509_selftest()
{
TEST_ASSERT( mbedtls_x509_self_test( 1 ) == 0 );
}
/* END_CASE */