| /* BEGIN_HEADER */ |
| #include "mbedtls/x509_crt.h" |
| #include "mbedtls/x509_crl.h" |
| #include "mbedtls/x509_csr.h" |
| #include "mbedtls/pem.h" |
| #include "mbedtls/oid.h" |
| #include "mbedtls/base64.h" |
| |
| int verify_none( void *data, x509_crt *crt, int certificate_depth, int *flags ) |
| { |
| ((void) data); |
| ((void) crt); |
| ((void) certificate_depth); |
| *flags |= BADCERT_OTHER; |
| |
| return 0; |
| } |
| |
| int verify_all( void *data, x509_crt *crt, int certificate_depth, int *flags ) |
| { |
| ((void) data); |
| ((void) crt); |
| ((void) certificate_depth); |
| *flags = 0; |
| |
| return 0; |
| } |
| |
| /* END_HEADER */ |
| |
| /* BEGIN_DEPENDENCIES |
| * depends_on:POLARSSL_BIGNUM_C |
| * END_DEPENDENCIES |
| */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C */ |
| void x509_cert_info( char *crt_file, char *result_str ) |
| { |
| x509_crt crt; |
| char buf[2000]; |
| int res; |
| |
| x509_crt_init( &crt ); |
| memset( buf, 0, 2000 ); |
| |
| TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == 0 ); |
| res = x509_crt_info( buf, 2000, "", &crt ); |
| |
| TEST_ASSERT( res != -1 ); |
| TEST_ASSERT( res != -2 ); |
| |
| TEST_ASSERT( strcmp( buf, result_str ) == 0 ); |
| |
| exit: |
| x509_crt_free( &crt ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRL_PARSE_C */ |
| void x509_crl_info( char *crl_file, char *result_str ) |
| { |
| x509_crl crl; |
| char buf[2000]; |
| int res; |
| |
| x509_crl_init( &crl ); |
| memset( buf, 0, 2000 ); |
| |
| TEST_ASSERT( x509_crl_parse_file( &crl, crl_file ) == 0 ); |
| res = x509_crl_info( buf, 2000, "", &crl ); |
| |
| TEST_ASSERT( res != -1 ); |
| TEST_ASSERT( res != -2 ); |
| |
| TEST_ASSERT( strcmp( buf, result_str ) == 0 ); |
| |
| exit: |
| x509_crl_free( &crl ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CSR_PARSE_C */ |
| void x509_csr_info( char *csr_file, char *result_str ) |
| { |
| x509_csr csr; |
| char buf[2000]; |
| int res; |
| |
| x509_csr_init( &csr ); |
| memset( buf, 0, 2000 ); |
| |
| TEST_ASSERT( x509_csr_parse_file( &csr, csr_file ) == 0 ); |
| res = x509_csr_info( buf, 2000, "", &csr ); |
| |
| TEST_ASSERT( res != -1 ); |
| TEST_ASSERT( res != -2 ); |
| |
| TEST_ASSERT( strcmp( buf, result_str ) == 0 ); |
| |
| exit: |
| x509_csr_free( &csr ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C:POLARSSL_X509_CRL_PARSE_C */ |
| void x509_verify( char *crt_file, char *ca_file, char *crl_file, |
| char *cn_name_str, int result, int flags_result, |
| char *verify_callback ) |
| { |
| x509_crt crt; |
| x509_crt ca; |
| x509_crl crl; |
| int flags = 0; |
| int res; |
| int (*f_vrfy)(void *, x509_crt *, int, int *) = NULL; |
| char * cn_name = NULL; |
| |
| x509_crt_init( &crt ); |
| x509_crt_init( &ca ); |
| x509_crl_init( &crl ); |
| |
| if( strcmp( cn_name_str, "NULL" ) != 0 ) |
| cn_name = cn_name_str; |
| |
| if( strcmp( verify_callback, "NULL" ) == 0 ) |
| f_vrfy = NULL; |
| else if( strcmp( verify_callback, "verify_none" ) == 0 ) |
| f_vrfy = verify_none; |
| else if( strcmp( verify_callback, "verify_all" ) == 0 ) |
| f_vrfy = verify_all; |
| else |
| TEST_ASSERT( "No known verify callback selected" == 0 ); |
| |
| TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == 0 ); |
| TEST_ASSERT( x509_crt_parse_file( &ca, ca_file ) == 0 ); |
| TEST_ASSERT( x509_crl_parse_file( &crl, crl_file ) == 0 ); |
| |
| res = x509_crt_verify( &crt, &ca, &crl, cn_name, &flags, f_vrfy, NULL ); |
| |
| TEST_ASSERT( res == ( result ) ); |
| TEST_ASSERT( flags == ( flags_result ) ); |
| |
| exit: |
| x509_crt_free( &crt ); |
| x509_crt_free( &ca ); |
| x509_crl_free( &crl ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_C */ |
| void x509_dn_gets( char *crt_file, char *entity, char *result_str ) |
| { |
| x509_crt crt; |
| char buf[2000]; |
| int res = 0; |
| |
| x509_crt_init( &crt ); |
| memset( buf, 0, 2000 ); |
| |
| TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == 0 ); |
| if( strcmp( entity, "subject" ) == 0 ) |
| res = x509_dn_gets( buf, 2000, &crt.subject ); |
| else if( strcmp( entity, "issuer" ) == 0 ) |
| res = x509_dn_gets( buf, 2000, &crt.issuer ); |
| else |
| TEST_ASSERT( "Unknown entity" == 0 ); |
| |
| TEST_ASSERT( res != -1 ); |
| TEST_ASSERT( res != -2 ); |
| |
| TEST_ASSERT( strcmp( buf, result_str ) == 0 ); |
| |
| exit: |
| x509_crt_free( &crt ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_C */ |
| void x509_time_expired( char *crt_file, char *entity, int result ) |
| { |
| x509_crt crt; |
| |
| x509_crt_init( &crt ); |
| |
| TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == 0 ); |
| |
| if( strcmp( entity, "valid_from" ) == 0 ) |
| TEST_ASSERT( x509_time_expired( &crt.valid_from ) == result ); |
| else if( strcmp( entity, "valid_to" ) == 0 ) |
| TEST_ASSERT( x509_time_expired( &crt.valid_to ) == result ); |
| else |
| TEST_ASSERT( "Unknown entity" == 0 ); |
| |
| exit: |
| x509_crt_free( &crt ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_C */ |
| void x509_time_future( char *crt_file, char *entity, int result ) |
| { |
| x509_crt crt; |
| |
| x509_crt_init( &crt ); |
| |
| TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == 0 ); |
| |
| if( strcmp( entity, "valid_from" ) == 0 ) |
| TEST_ASSERT( x509_time_future( &crt.valid_from ) == result ); |
| else if( strcmp( entity, "valid_to" ) == 0 ) |
| TEST_ASSERT( x509_time_future( &crt.valid_to ) == result ); |
| else |
| TEST_ASSERT( "Unknown entity" == 0 ); |
| |
| exit: |
| x509_crt_free( &crt ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C:POLARSSL_FS_IO */ |
| void x509parse_crt_file( char *crt_file, int result ) |
| { |
| x509_crt crt; |
| |
| x509_crt_init( &crt ); |
| |
| TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == result ); |
| |
| exit: |
| x509_crt_free( &crt ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C */ |
| void x509parse_crt( char *crt_data, char *result_str, int result ) |
| { |
| x509_crt crt; |
| unsigned char buf[2000]; |
| unsigned char output[2000]; |
| int data_len, res; |
| |
| x509_crt_init( &crt ); |
| memset( buf, 0, 2000 ); |
| memset( output, 0, 2000 ); |
| |
| data_len = unhexify( buf, crt_data ); |
| |
| TEST_ASSERT( x509_crt_parse( &crt, buf, data_len ) == ( result ) ); |
| if( ( result ) == 0 ) |
| { |
| res = x509_crt_info( (char *) output, 2000, "", &crt ); |
| |
| TEST_ASSERT( res != -1 ); |
| TEST_ASSERT( res != -2 ); |
| |
| TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); |
| } |
| |
| exit: |
| x509_crt_free( &crt ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_X509_CRL_PARSE_C */ |
| void x509parse_crl( char *crl_data, char *result_str, int result ) |
| { |
| x509_crl crl; |
| unsigned char buf[2000]; |
| unsigned char output[2000]; |
| int data_len, res; |
| |
| x509_crl_init( &crl ); |
| memset( buf, 0, 2000 ); |
| memset( output, 0, 2000 ); |
| |
| data_len = unhexify( buf, crl_data ); |
| |
| TEST_ASSERT( x509_crl_parse( &crl, buf, data_len ) == ( result ) ); |
| if( ( result ) == 0 ) |
| { |
| res = x509_crl_info( (char *) output, 2000, "", &crl ); |
| |
| TEST_ASSERT( res != -1 ); |
| TEST_ASSERT( res != -2 ); |
| |
| TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); |
| } |
| |
| exit: |
| x509_crl_free( &crl ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_X509_CSR_PARSE_C */ |
| void x509_csr_parse( char *csr_der_hex, char *ref_out, int ref_ret ) |
| { |
| x509_csr csr; |
| unsigned char *csr_der = NULL; |
| char my_out[1000]; |
| size_t csr_der_len; |
| int my_ret; |
| |
| x509_csr_init( &csr ); |
| memset( my_out, 0, sizeof( my_out ) ); |
| csr_der = unhexify_alloc( csr_der_hex, &csr_der_len ); |
| |
| my_ret = x509_csr_parse_der( &csr, csr_der, csr_der_len ); |
| TEST_ASSERT( my_ret == ref_ret ); |
| |
| if( ref_ret == 0 ) |
| { |
| size_t my_out_len = x509_csr_info( my_out, sizeof( my_out ), "", &csr ); |
| TEST_ASSERT( my_out_len == strlen( ref_out ) ); |
| TEST_ASSERT( strcmp( my_out, ref_out ) == 0 ); |
| } |
| |
| exit: |
| x509_csr_free( &csr ); |
| polarssl_free( csr_der ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C */ |
| void x509_crt_parse_path( char *crt_path, int ret, int nb_crt ) |
| { |
| x509_crt chain, *cur; |
| int i; |
| |
| x509_crt_init( &chain ); |
| |
| TEST_ASSERT( x509_crt_parse_path( &chain, crt_path ) == ret ); |
| |
| /* Check how many certs we got */ |
| for( i = 0, cur = &chain; cur != NULL; cur = cur->next ) |
| if( cur->raw.p != NULL ) |
| i++; |
| |
| TEST_ASSERT( i == nb_crt ); |
| |
| exit: |
| x509_crt_free( &chain ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_X509_USE_C */ |
| void x509_oid_desc( char *oid_str, char *ref_desc ) |
| { |
| x509_buf oid; |
| const char *desc; |
| unsigned char buf[20]; |
| |
| memset( buf, 0, sizeof buf ); |
| |
| oid.tag = ASN1_OID; |
| oid.len = unhexify( buf, oid_str ); |
| oid.p = buf; |
| |
| desc = x509_oid_get_description( &oid ); |
| |
| if( strcmp( ref_desc, "notfound" ) == 0 ) |
| TEST_ASSERT( desc == NULL ); |
| else |
| { |
| TEST_ASSERT( desc != NULL ); |
| TEST_ASSERT( strcmp( desc, ref_desc ) == 0 ); |
| } |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_X509_USE_C */ |
| void x509_oid_numstr( char *oid_str, char *numstr, int blen, int ret ) |
| { |
| x509_buf oid; |
| unsigned char oid_buf[20]; |
| char num_buf[100]; |
| |
| memset( oid_buf, 0x00, sizeof oid_buf ); |
| memset( num_buf, 0x2a, sizeof num_buf ); |
| |
| oid.tag = ASN1_OID; |
| oid.len = unhexify( oid_buf, oid_str ); |
| oid.p = oid_buf; |
| |
| TEST_ASSERT( (size_t) blen <= sizeof num_buf ); |
| |
| TEST_ASSERT( x509_oid_get_numeric_string( num_buf, blen, &oid ) == ret ); |
| |
| if( ret >= 0 ) |
| { |
| TEST_ASSERT( num_buf[ret] == 0 ); |
| TEST_ASSERT( strcmp( num_buf, numstr ) == 0 ); |
| } |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C:POLARSSL_X509_CHECK_KEY_USAGE */ |
| void x509_check_key_usage( char *crt_file, int usage, int ret ) |
| { |
| x509_crt crt; |
| |
| x509_crt_init( &crt ); |
| |
| TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == 0 ); |
| |
| TEST_ASSERT( x509_crt_check_key_usage( &crt, usage ) == ret ); |
| |
| exit: |
| x509_crt_free( &crt ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C:POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE */ |
| void x509_check_extended_key_usage( char *crt_file, char *usage_hex, int ret ) |
| { |
| x509_crt crt; |
| char oid[50]; |
| size_t len; |
| |
| x509_crt_init( &crt ); |
| |
| len = unhexify( (unsigned char *) oid, usage_hex ); |
| |
| TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == 0 ); |
| |
| TEST_ASSERT( x509_crt_check_extended_key_usage( &crt, oid, len ) == ret ); |
| |
| exit: |
| x509_crt_free( &crt ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT */ |
| void x509_parse_rsassa_pss_params( char *hex_params, int params_tag, |
| int ref_msg_md, int ref_mgf_md, |
| int ref_salt_len, int ref_ret ) |
| { |
| int my_ret; |
| x509_buf params; |
| md_type_t my_msg_md, my_mgf_md; |
| int my_salt_len; |
| |
| params.p = unhexify_alloc( hex_params, ¶ms.len ); |
| params.tag = params_tag; |
| |
| my_ret = x509_get_rsassa_pss_params( ¶ms, &my_msg_md, &my_mgf_md, |
| &my_salt_len ); |
| |
| TEST_ASSERT( my_ret == ref_ret ); |
| |
| if( ref_ret == 0 ) |
| { |
| TEST_ASSERT( my_msg_md == (md_type_t) ref_msg_md ); |
| TEST_ASSERT( my_mgf_md == (md_type_t) ref_mgf_md ); |
| TEST_ASSERT( my_salt_len == ref_salt_len ); |
| } |
| |
| exit: |
| polarssl_free( params.p ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C:POLARSSL_SELF_TEST */ |
| void x509_selftest() |
| { |
| TEST_ASSERT( x509_self_test( 0 ) == 0 ); |
| } |
| /* END_CASE */ |