mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 16:55:43 +01:00
Revert "Remove tests that depend on TLS or X.509"
This reverts commit 9afb2e9921
.
Conflicts:
* include/CMakeLists.txt
* "Make config.h available" comment: there has been a change
adjacent to where it was removed. Just re-add what was removed.
* tests/CMakeLists.txt:
* compat.sh: there has been a change immediately before where it was
removed. Just re-add what was removed.
This commit is contained in:
parent
1a9c624fce
commit
7dc97048d6
@ -16,8 +16,13 @@ script:
|
||||
- make
|
||||
- make test
|
||||
- programs/test/selftest
|
||||
- OSSL_NO_DTLS=1 tests/compat.sh
|
||||
- tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' --seed 4
|
||||
- tests/scripts/test-ref-configs.pl
|
||||
- tests/scripts/curves.pl
|
||||
- tests/scripts/key-exchanges.pl
|
||||
after_failure:
|
||||
- tests/scripts/travis-log-failure.sh
|
||||
env:
|
||||
global:
|
||||
- SEED=1
|
||||
|
@ -218,6 +218,8 @@ if(ENABLE_TESTING)
|
||||
ADD_CUSTOM_TARGET(covtest
|
||||
COMMAND make test
|
||||
COMMAND programs/test/selftest
|
||||
COMMAND tests/compat.sh
|
||||
COMMAND tests/ssl-opt.sh
|
||||
)
|
||||
|
||||
ADD_CUSTOM_TARGET(lcov
|
||||
|
2
Makefile
2
Makefile
@ -101,6 +101,8 @@ ifndef WINDOWS
|
||||
covtest:
|
||||
$(MAKE) check
|
||||
programs/test/selftest
|
||||
tests/compat.sh
|
||||
tests/ssl-opt.sh
|
||||
|
||||
lcov:
|
||||
rm -rf Coverage
|
||||
|
@ -70,6 +70,9 @@
|
||||
#define MBEDTLS_CERTS_C
|
||||
#define MBEDTLS_PEM_PARSE_C
|
||||
|
||||
/* For testing with compat.sh */
|
||||
#define MBEDTLS_FS_IO
|
||||
|
||||
#include "mbedtls/check_config.h"
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_H */
|
||||
|
@ -75,6 +75,10 @@
|
||||
#define MBEDTLS_SSL_SRV_C
|
||||
#define MBEDTLS_SSL_TLS_C
|
||||
|
||||
/* For tests using ssl-opt.sh */
|
||||
#define MBEDTLS_NET_C
|
||||
#define MBEDTLS_TIMING_C
|
||||
|
||||
/* Save RAM at the expense of ROM */
|
||||
#define MBEDTLS_AES_ROM_TABLES
|
||||
|
||||
|
@ -15,7 +15,7 @@ if(INSTALL_MBEDTLS_HEADERS)
|
||||
|
||||
endif(INSTALL_MBEDTLS_HEADERS)
|
||||
|
||||
# Make config.h available in an out-of-source build.
|
||||
# Make config.h available in an out-of-source build. ssl-opt.sh requires it.
|
||||
if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
|
||||
link_to_source(mbedtls)
|
||||
link_to_source(psa)
|
||||
|
@ -15,6 +15,7 @@
|
||||
# - type and version of the operating system
|
||||
# - version of armcc, clang, gcc-arm and gcc compilers
|
||||
# - version of libc, clang, asan and valgrind if installed
|
||||
# - version of gnuTLS and OpenSSL
|
||||
|
||||
print_version()
|
||||
{
|
||||
@ -73,6 +74,42 @@ echo
|
||||
print_version "valgrind" "--version" "valgrind not found!"
|
||||
echo
|
||||
|
||||
: ${OPENSSL:=openssl}
|
||||
print_version "$OPENSSL" "version" "openssl not found!"
|
||||
echo
|
||||
|
||||
if [ -n "${OPENSSL_LEGACY+set}" ]; then
|
||||
print_version "$OPENSSL_LEGACY" "version" "openssl legacy version not found!"
|
||||
echo
|
||||
fi
|
||||
|
||||
if [ -n "${OPENSSL_NEXT+set}" ]; then
|
||||
print_version "$OPENSSL_NEXT" "version" "openssl next version not found!"
|
||||
echo
|
||||
fi
|
||||
|
||||
: ${GNUTLS_CLI:=gnutls-cli}
|
||||
print_version "$GNUTLS_CLI" "--version" "gnuTLS client not found!" "head -n 1"
|
||||
echo
|
||||
|
||||
: ${GNUTLS_SERV:=gnutls-serv}
|
||||
print_version "$GNUTLS_SERV" "--version" "gnuTLS server not found!" "head -n 1"
|
||||
echo
|
||||
|
||||
if [ -n "${GNUTLS_LEGACY_CLI+set}" ]; then
|
||||
print_version "$GNUTLS_LEGACY_CLI" "--version" \
|
||||
"gnuTLS client legacy version not found!" \
|
||||
"head -n 1"
|
||||
echo
|
||||
fi
|
||||
|
||||
if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then
|
||||
print_version "$GNUTLS_LEGACY_SERV" "--version" \
|
||||
"gnuTLS server legacy version not found!" \
|
||||
"head -n 1"
|
||||
echo
|
||||
fi
|
||||
|
||||
if `hash dpkg > /dev/null 2>&1`; then
|
||||
echo "* asan:"
|
||||
dpkg -s libasan2 2> /dev/null | grep -i version
|
||||
|
@ -99,6 +99,7 @@ add_test_suite(cipher cipher.null)
|
||||
add_test_suite(cipher cipher.padding)
|
||||
add_test_suite(cmac)
|
||||
add_test_suite(ctr_drbg)
|
||||
add_test_suite(debug)
|
||||
add_test_suite(des)
|
||||
add_test_suite(dhm)
|
||||
add_test_suite(ecdh)
|
||||
@ -145,10 +146,13 @@ add_test_suite(psa_crypto_se_driver_hal_mocks)
|
||||
add_test_suite(psa_crypto_slot_management)
|
||||
add_test_suite(psa_its)
|
||||
add_test_suite(shax)
|
||||
add_test_suite(ssl)
|
||||
add_test_suite(timing)
|
||||
add_test_suite(rsa)
|
||||
add_test_suite(version)
|
||||
add_test_suite(xtea)
|
||||
add_test_suite(x509parse)
|
||||
add_test_suite(x509write)
|
||||
|
||||
# Make scripts and data files needed for testing available in an
|
||||
# out-of-source build.
|
||||
@ -156,7 +160,9 @@ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
|
||||
if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/seedfile")
|
||||
link_to_source(seedfile)
|
||||
endif()
|
||||
link_to_source(compat.sh)
|
||||
link_to_source(data_files)
|
||||
link_to_source(scripts)
|
||||
link_to_source(ssl-opt.sh)
|
||||
link_to_source(suites)
|
||||
endif()
|
||||
|
@ -2,9 +2,21 @@ test_suites
|
||||
The various 'test_suite_XXX' programs from the 'tests' directory, executed
|
||||
using 'make check' (Unix make) or 'make test' (Cmake), include test cases
|
||||
(reference test vectors, sanity checks, malformed input for parsing
|
||||
functions, etc.) for all modules.
|
||||
functions, etc.) for all modules except the SSL modules.
|
||||
|
||||
selftests
|
||||
The 'programs/test/selftest' program runs the 'XXX_self_test()' functions
|
||||
of each individual module. Most of them are included in the respective
|
||||
test suite, but some slower ones are only included here.
|
||||
|
||||
compat
|
||||
The 'tests/compat.sh' script checks interoperability with OpenSSL and
|
||||
GnuTLS (and ourselves!) for every common ciphersuite, in every TLS
|
||||
version, both ways (client/server), using client authentication or not.
|
||||
For each ciphersuite/version/side/authmode it performs a full handshake
|
||||
and a small data exchange.
|
||||
|
||||
ssl_opt
|
||||
The 'tests/ssl-opt.sh' script checks various options and/or operations not
|
||||
covered by compat.sh: session resumption (using session cache or tickets),
|
||||
renegotiation, SNI, other extensions, etc.
|
||||
|
1414
tests/compat.sh
Executable file
1414
tests/compat.sh
Executable file
File diff suppressed because it is too large
Load Diff
@ -14,6 +14,8 @@
|
||||
# The tests include:
|
||||
# * Unit tests - executed using tests/scripts/run-test-suite.pl
|
||||
# * Self-tests - executed using the test suites above
|
||||
# * System tests - executed using tests/ssl-opt.sh
|
||||
# * Interoperability tests - executed using tests/compat.sh
|
||||
#
|
||||
# The tests focus on functionality and do not consider performance.
|
||||
#
|
||||
@ -34,11 +36,30 @@ if [ -d library -a -d include -a -d tests ]; then :; else
|
||||
exit 1
|
||||
fi
|
||||
|
||||
: ${OPENSSL:="openssl"}
|
||||
: ${OPENSSL_LEGACY:="$OPENSSL"}
|
||||
: ${GNUTLS_CLI:="gnutls-cli"}
|
||||
: ${GNUTLS_SERV:="gnutls-serv"}
|
||||
: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
|
||||
: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
|
||||
|
||||
# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
|
||||
# we just export the variables they require
|
||||
export OPENSSL_CMD="$OPENSSL"
|
||||
export GNUTLS_CLI="$GNUTLS_CLI"
|
||||
export GNUTLS_SERV="$GNUTLS_SERV"
|
||||
|
||||
CONFIG_H='include/mbedtls/config.h'
|
||||
CONFIG_BAK="$CONFIG_H.bak"
|
||||
|
||||
# Step 0 - print build environment info
|
||||
scripts/output_env.sh
|
||||
OPENSSL="$OPENSSL" \
|
||||
OPENSSL_LEGACY="$OPENSSL_LEGACY" \
|
||||
GNUTLS_CLI="$GNUTLS_CLI" \
|
||||
GNUTLS_SERV="$GNUTLS_SERV" \
|
||||
GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \
|
||||
GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" \
|
||||
scripts/output_env.sh
|
||||
echo
|
||||
|
||||
# Step 1 - Make and instrumented build for code coverage
|
||||
@ -62,6 +83,25 @@ fi
|
||||
perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT
|
||||
echo
|
||||
|
||||
# Step 2b - System Tests
|
||||
sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT
|
||||
echo
|
||||
|
||||
# Step 2c - Compatibility tests
|
||||
sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' | \
|
||||
tee compat-test-$TEST_OUTPUT
|
||||
OPENSSL_CMD="$OPENSSL_LEGACY" \
|
||||
sh compat.sh -m 'ssl3' |tee -a compat-test-$TEST_OUTPUT
|
||||
OPENSSL_CMD="$OPENSSL_LEGACY" \
|
||||
GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \
|
||||
GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
|
||||
sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' | \
|
||||
tee -a compat-test-$TEST_OUTPUT
|
||||
OPENSSL_CMD="$OPENSSL_NEXT" \
|
||||
sh compat.sh -e '^$' -f 'ARIA\|CHACHA' | \
|
||||
tee -a compat-test-$TEST_OUTPUT
|
||||
echo
|
||||
|
||||
# Step 3 - Process the coverage report
|
||||
cd ..
|
||||
make lcov |tee tests/cov-$TEST_OUTPUT
|
||||
@ -97,6 +137,49 @@ TOTAL_SKIP=$SKIPPED_TESTS
|
||||
TOTAL_AVAIL=$(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS))
|
||||
TOTAL_EXED=$(($PASSED_TESTS + $FAILED_TESTS))
|
||||
|
||||
# Step 4b - TLS Options tests
|
||||
echo "TLS Options tests - tests/ssl-opt.sh"
|
||||
|
||||
PASSED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p')
|
||||
SKIPPED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p')
|
||||
TOTAL_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p')
|
||||
FAILED_TESTS=$(($TOTAL_TESTS - $PASSED_TESTS))
|
||||
|
||||
echo "Passed : $PASSED_TESTS"
|
||||
echo "Failed : $FAILED_TESTS"
|
||||
echo "Skipped : $SKIPPED_TESTS"
|
||||
echo "Total exec'd tests : $TOTAL_TESTS"
|
||||
echo "Total avail tests : $(($TOTAL_TESTS + $SKIPPED_TESTS))"
|
||||
echo
|
||||
|
||||
TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS))
|
||||
TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS))
|
||||
TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS))
|
||||
TOTAL_AVAIL=$(($TOTAL_AVAIL + $TOTAL_TESTS + $SKIPPED_TESTS))
|
||||
TOTAL_EXED=$(($TOTAL_EXED + $TOTAL_TESTS))
|
||||
|
||||
|
||||
# Step 4c - System Compatibility tests
|
||||
echo "System/Compatibility tests - tests/compat.sh"
|
||||
|
||||
PASSED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
|
||||
SKIPPED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
|
||||
EXED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
|
||||
FAILED_TESTS=$(($EXED_TESTS - $PASSED_TESTS))
|
||||
|
||||
echo "Passed : $PASSED_TESTS"
|
||||
echo "Failed : $FAILED_TESTS"
|
||||
echo "Skipped : $SKIPPED_TESTS"
|
||||
echo "Total exec'd tests : $EXED_TESTS"
|
||||
echo "Total avail tests : $(($EXED_TESTS + $SKIPPED_TESTS))"
|
||||
echo
|
||||
|
||||
TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS))
|
||||
TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS))
|
||||
TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS))
|
||||
TOTAL_AVAIL=$(($TOTAL_AVAIL + $EXED_TESTS + $SKIPPED_TESTS))
|
||||
TOTAL_EXED=$(($TOTAL_EXED + $EXED_TESTS))
|
||||
|
||||
|
||||
# Step 4d - Grand totals
|
||||
echo "-------------------------------------------------------------------------"
|
||||
@ -130,6 +213,8 @@ echo
|
||||
|
||||
|
||||
rm unit-test-$TEST_OUTPUT
|
||||
rm sys-test-$TEST_OUTPUT
|
||||
rm compat-test-$TEST_OUTPUT
|
||||
rm cov-$TEST_OUTPUT
|
||||
|
||||
cd ..
|
||||
|
62
tests/scripts/key-exchanges.pl
Executable file
62
tests/scripts/key-exchanges.pl
Executable file
@ -0,0 +1,62 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
# key-exchanges.pl
|
||||
#
|
||||
# Copyright (c) 2015-2017, ARM Limited, All Rights Reserved
|
||||
#
|
||||
# Purpose
|
||||
#
|
||||
# To test the code dependencies on individual key exchanges in the SSL module.
|
||||
# is a verification step to ensure we don't ship SSL code that do not work
|
||||
# for some build options.
|
||||
#
|
||||
# The process is:
|
||||
# for each possible key exchange
|
||||
# build the library with all but that key exchange disabled
|
||||
#
|
||||
# Usage: tests/scripts/key-exchanges.pl
|
||||
#
|
||||
# This script should be executed from the root of the project directory.
|
||||
#
|
||||
# For best effect, run either with cmake disabled, or cmake enabled in a mode
|
||||
# that includes -Werror.
|
||||
|
||||
use warnings;
|
||||
use strict;
|
||||
|
||||
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
|
||||
|
||||
my $sed_cmd = 's/^#define \(MBEDTLS_KEY_EXCHANGE_.*_ENABLED\)/\1/p';
|
||||
my $config_h = 'include/mbedtls/config.h';
|
||||
my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
|
||||
|
||||
system( "cp $config_h $config_h.bak" ) and die;
|
||||
sub abort {
|
||||
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
|
||||
# use an exit code between 1 and 124 for git bisect (die returns 255)
|
||||
warn $_[0];
|
||||
exit 1;
|
||||
}
|
||||
|
||||
for my $kex (@kexes) {
|
||||
system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
|
||||
system( "make clean" ) and die;
|
||||
|
||||
print "\n******************************************\n";
|
||||
print "* Testing with key exchange: $kex\n";
|
||||
print "******************************************\n";
|
||||
|
||||
# full config with all key exchanges disabled except one
|
||||
system( "scripts/config.pl full" ) and abort "Failed config full\n";
|
||||
for my $k (@kexes) {
|
||||
next if $k eq $kex;
|
||||
system( "scripts/config.pl unset $k" )
|
||||
and abort "Failed to disable $k\n";
|
||||
}
|
||||
|
||||
system( "make lib CFLAGS='-Os -Werror'" ) and abort "Failed to build lib: $kex\n";
|
||||
}
|
||||
|
||||
system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
|
||||
system( "make clean" ) and die;
|
||||
exit 0;
|
86
tests/scripts/tcp_client.pl
Executable file
86
tests/scripts/tcp_client.pl
Executable file
@ -0,0 +1,86 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
# A simple TCP client that sends some data and expects a response.
|
||||
# Usage: tcp_client.pl HOSTNAME PORT DATA1 RESPONSE1
|
||||
# DATA: hex-encoded data to send to the server
|
||||
# RESPONSE: regexp that must match the server's response
|
||||
|
||||
use warnings;
|
||||
use strict;
|
||||
use IO::Socket::INET;
|
||||
|
||||
# Pack hex digits into a binary string, ignoring whitespace.
|
||||
sub parse_hex {
|
||||
my ($hex) = @_;
|
||||
$hex =~ s/\s+//g;
|
||||
return pack('H*', $hex);
|
||||
}
|
||||
|
||||
## Open a TCP connection to the specified host and port.
|
||||
sub open_connection {
|
||||
my ($host, $port) = @_;
|
||||
my $socket = IO::Socket::INET->new(PeerAddr => $host,
|
||||
PeerPort => $port,
|
||||
Proto => 'tcp',
|
||||
Timeout => 1);
|
||||
die "Cannot connect to $host:$port: $!" unless $socket;
|
||||
return $socket;
|
||||
}
|
||||
|
||||
## Close the TCP connection.
|
||||
sub close_connection {
|
||||
my ($connection) = @_;
|
||||
$connection->shutdown(2);
|
||||
# Ignore shutdown failures (at least for now)
|
||||
return 1;
|
||||
}
|
||||
|
||||
## Write the given data, expressed as hexadecimal
|
||||
sub write_data {
|
||||
my ($connection, $hexdata) = @_;
|
||||
my $data = parse_hex($hexdata);
|
||||
my $total_sent = 0;
|
||||
while ($total_sent < length($data)) {
|
||||
my $sent = $connection->send($data, 0);
|
||||
if (!defined $sent) {
|
||||
die "Unable to send data: $!";
|
||||
}
|
||||
$total_sent += $sent;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
## Read a response and check it against an expected prefix
|
||||
sub read_response {
|
||||
my ($connection, $expected_hex) = @_;
|
||||
my $expected_data = parse_hex($expected_hex);
|
||||
my $start_offset = 0;
|
||||
while ($start_offset < length($expected_data)) {
|
||||
my $actual_data;
|
||||
my $ok = $connection->recv($actual_data, length($expected_data));
|
||||
if (!defined $ok) {
|
||||
die "Unable to receive data: $!";
|
||||
}
|
||||
if (($actual_data ^ substr($expected_data, $start_offset)) =~ /[^\000]/) {
|
||||
printf STDERR ("Received \\x%02x instead of \\x%02x at offset %d\n",
|
||||
ord(substr($actual_data, $-[0], 1)),
|
||||
ord(substr($expected_data, $start_offset + $-[0], 1)),
|
||||
$start_offset + $-[0]);
|
||||
return 0;
|
||||
}
|
||||
$start_offset += length($actual_data);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (@ARGV != 4) {
|
||||
print STDERR "Usage: $0 HOSTNAME PORT DATA1 RESPONSE1\n";
|
||||
exit(3);
|
||||
}
|
||||
my ($host, $port, $data1, $response1) = @ARGV;
|
||||
my $connection = open_connection($host, $port);
|
||||
write_data($connection, $data1);
|
||||
if (!read_response($connection, $response1)) {
|
||||
exit(1);
|
||||
}
|
||||
close_connection($connection);
|
@ -9,7 +9,7 @@
|
||||
# Purpose
|
||||
#
|
||||
# For each reference configuration file in the configs directory, build the
|
||||
# configuration and run the test suites.
|
||||
# configuration, run the test suites and compat.sh
|
||||
#
|
||||
# Usage: tests/scripts/test-ref-configs.pl [config-name [...]]
|
||||
|
||||
@ -18,16 +18,22 @@ use strict;
|
||||
|
||||
my %configs = (
|
||||
'config-default.h' => {
|
||||
'opt' => '-f Default',
|
||||
'compat' => '-m tls1_2 -V NO',
|
||||
},
|
||||
'config-mini-tls1_1.h' => {
|
||||
'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'',
|
||||
},
|
||||
'config-suite-b.h' => {
|
||||
'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
|
||||
},
|
||||
'config-symmetric-only.h' => {
|
||||
},
|
||||
'config-ccm-psk-tls1_2.h' => {
|
||||
'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
|
||||
},
|
||||
'config-thread.h' => {
|
||||
'opt' => '-f ECJPAKE.*nolog',
|
||||
},
|
||||
);
|
||||
|
||||
@ -81,6 +87,30 @@ while( my ($conf, $data) = each %configs ) {
|
||||
|
||||
system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf\n";
|
||||
system( "make test" ) and abort "Failed test suite: $conf\n";
|
||||
|
||||
my $compat = $data->{'compat'};
|
||||
if( $compat )
|
||||
{
|
||||
print "\nrunning compat.sh $compat\n";
|
||||
system( "tests/compat.sh $compat" )
|
||||
and abort "Failed compat.sh: $conf\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
print "\nskipping compat.sh\n";
|
||||
}
|
||||
|
||||
my $opt = $data->{'opt'};
|
||||
if( $opt )
|
||||
{
|
||||
print "\nrunning ssl-opt.sh $opt\n";
|
||||
system( "tests/ssl-opt.sh $opt" )
|
||||
and abort "Failed ssl-opt.sh: $conf\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
print "\nskipping ssl-opt.sh\n";
|
||||
}
|
||||
}
|
||||
|
||||
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
|
||||
|
36
tests/scripts/travis-log-failure.sh
Executable file
36
tests/scripts/travis-log-failure.sh
Executable file
@ -0,0 +1,36 @@
|
||||
#!/bin/sh
|
||||
|
||||
# travis-log-failure.sh
|
||||
#
|
||||
# This file is part of mbed TLS (https://tls.mbed.org)
|
||||
#
|
||||
# Copyright (c) 2016, ARM Limited, All Rights Reserved
|
||||
#
|
||||
# Purpose
|
||||
#
|
||||
# List the server and client logs on failed ssl-opt.sh and compat.sh tests.
|
||||
# This script is used to make the logs show up in the Travis test results.
|
||||
#
|
||||
# Some of the logs can be very long: this means usually a couple of megabytes
|
||||
# but it can be much more. For example, the client log of test 273 in ssl-opt.sh
|
||||
# is more than 630 Megabytes long.
|
||||
|
||||
if [ -d include/mbedtls ]; then :; else
|
||||
echo "$0: must be run from root" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
FILES="o-srv-*.log o-cli-*.log c-srv-*.log c-cli-*.log o-pxy-*.log"
|
||||
MAX_LOG_SIZE=1048576
|
||||
|
||||
for PATTERN in $FILES; do
|
||||
for LOG in $( ls tests/$PATTERN 2>/dev/null ); do
|
||||
echo
|
||||
echo "****** BEGIN file: $LOG ******"
|
||||
echo
|
||||
tail -c $MAX_LOG_SIZE $LOG
|
||||
echo "****** END file: $LOG ******"
|
||||
echo
|
||||
rm $LOG
|
||||
done
|
||||
done
|
7707
tests/ssl-opt.sh
Executable file
7707
tests/ssl-opt.sh
Executable file
File diff suppressed because it is too large
Load Diff
64
tests/suites/test_suite_debug.data
Normal file
64
tests/suites/test_suite_debug.data
Normal file
@ -0,0 +1,64 @@
|
||||
Debug print msg (threshold 1, level 0)
|
||||
debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n"
|
||||
|
||||
Debug print msg (threshold 1, level 1)
|
||||
debug_print_msg_threshold:1:1:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n"
|
||||
|
||||
Debug print msg (threshold 1, level 2)
|
||||
debug_print_msg_threshold:1:2:"MyFile":999:""
|
||||
|
||||
Debug print msg (threshold 0, level 1)
|
||||
debug_print_msg_threshold:0:1:"MyFile":999:""
|
||||
|
||||
Debug print msg (threshold 0, level 5)
|
||||
debug_print_msg_threshold:0:5:"MyFile":999:""
|
||||
|
||||
Debug print return value #1
|
||||
mbedtls_debug_print_ret:"MyFile":999:"Test return value":0:"MyFile(0999)\: Test return value() returned 0 (-0x0000)\n"
|
||||
|
||||
Debug print return value #2
|
||||
mbedtls_debug_print_ret:"MyFile":999:"Test return value":-0x1000:"MyFile(0999)\: Test return value() returned -4096 (-0x1000)\n"
|
||||
|
||||
Debug print return value #3
|
||||
mbedtls_debug_print_ret:"MyFile":999:"Test return value":-0xFFFF:"MyFile(0999)\: Test return value() returned -65535 (-0xffff)\n"
|
||||
|
||||
Debug print buffer #1
|
||||
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"":"MyFile(0999)\: dumping 'Test return value' (0 bytes)\n"
|
||||
|
||||
Debug print buffer #2
|
||||
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"00":"MyFile(0999)\: dumping 'Test return value' (1 bytes)\nMyFile(0999)\: 0000\: 00 .\n"
|
||||
|
||||
Debug print buffer #3
|
||||
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F":"MyFile(0999)\: dumping 'Test return value' (16 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\n"
|
||||
|
||||
Debug print buffer #4
|
||||
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (17 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 00 .\n"
|
||||
|
||||
Debug print buffer #5
|
||||
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n"
|
||||
|
||||
Debug print certificate #1 (RSA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||
mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2011-02-12 14\:44\:06\nMyFile(0999)\: expires on \: 2021-02-12 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
|
||||
|
||||
Debug print certificate #2 (EC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
|
||||
mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2013-09-24 15\:49\:48\nMyFile(0999)\: expires on \: 2023-09-22 15\:49\:48\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
|
||||
|
||||
Debug print mbedtls_mpi #1
|
||||
mbedtls_debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"
|
||||
|
||||
Debug print mbedtls_mpi #2
|
||||
mbedtls_debug_print_mpi:16:"00000000000007":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (3 bits) is\:\nMyFile(0999)\: 07\n"
|
||||
|
||||
Debug print mbedtls_mpi #3
|
||||
mbedtls_debug_print_mpi:16:"00000000000000":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n"
|
||||
|
||||
Debug print mbedtls_mpi #4
|
||||
mbedtls_debug_print_mpi:16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
|
||||
|
||||
Debug print mbedtls_mpi #5
|
||||
mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
|
||||
|
||||
Debug print mbedtls_mpi #6
|
||||
mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000041379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (759 bits) is\:\nMyFile(0999)\: 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a 14\nMyFile(0999)\: 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90 ff\nMyFile(0999)\: e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c 09\nMyFile(0999)\: 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89 af\nMyFile(0999)\: 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b 52\nMyFile(0999)\: 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
|
195
tests/suites/test_suite_debug.function
Normal file
195
tests/suites/test_suite_debug.function
Normal file
@ -0,0 +1,195 @@
|
||||
/* BEGIN_HEADER */
|
||||
#include "mbedtls/debug.h"
|
||||
#include "string.h"
|
||||
|
||||
struct buffer_data
|
||||
{
|
||||
char buf[2000];
|
||||
char *ptr;
|
||||
};
|
||||
|
||||
void string_debug(void *data, int level, const char *file, int line, const char *str)
|
||||
{
|
||||
struct buffer_data *buffer = (struct buffer_data *) data;
|
||||
char *p = buffer->ptr;
|
||||
((void) level);
|
||||
|
||||
memcpy( p, file, strlen( file ) );
|
||||
p += strlen( file );
|
||||
|
||||
*p++ = '(';
|
||||
*p++ = '0' + ( line / 1000 ) % 10;
|
||||
*p++ = '0' + ( line / 100 ) % 10;
|
||||
*p++ = '0' + ( line / 10 ) % 10;
|
||||
*p++ = '0' + ( line / 1 ) % 10;
|
||||
*p++ = ')';
|
||||
*p++ = ':';
|
||||
*p++ = ' ';
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/* Skip "thread ID" (up to the first space) as it is not predictable */
|
||||
while( *str++ != ' ' );
|
||||
#endif
|
||||
|
||||
memcpy( p, str, strlen( str ) );
|
||||
p += strlen( str );
|
||||
|
||||
/* Detect if debug messages output partial lines and mark them */
|
||||
if( p[-1] != '\n' )
|
||||
*p++ = '*';
|
||||
|
||||
buffer->ptr = p;
|
||||
}
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_DEPENDENCIES
|
||||
* depends_on:MBEDTLS_DEBUG_C:MBEDTLS_SSL_TLS_C
|
||||
* END_DEPENDENCIES
|
||||
*/
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void debug_print_msg_threshold( int threshold, int level, char * file,
|
||||
int line, char * result_str )
|
||||
{
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
struct buffer_data buffer;
|
||||
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
memset( buffer.buf, 0, 2000 );
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
mbedtls_debug_set_threshold( threshold );
|
||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
mbedtls_debug_print_msg( &ssl, level, file, line,
|
||||
"Text message, 2 == %d", 2 );
|
||||
|
||||
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void mbedtls_debug_print_ret( char * file, int line, char * text, int value,
|
||||
char * result_str )
|
||||
{
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
struct buffer_data buffer;
|
||||
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
memset( buffer.buf, 0, 2000 );
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
|
||||
|
||||
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void mbedtls_debug_print_buf( char * file, int line, char * text,
|
||||
data_t * data, char * result_str )
|
||||
{
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
struct buffer_data buffer;
|
||||
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
memset( buffer.buf, 0, 2000 );
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
mbedtls_debug_print_buf( &ssl, 0, file, line, text, data->x, data->len );
|
||||
|
||||
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void mbedtls_debug_print_crt( char * crt_file, char * file, int line,
|
||||
char * prefix, char * result_str )
|
||||
{
|
||||
mbedtls_x509_crt crt;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
struct buffer_data buffer;
|
||||
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
memset( buffer.buf, 0, 2000 );
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||
mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
|
||||
|
||||
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */
|
||||
void mbedtls_debug_print_mpi( int radix, char * value, char * file, int line,
|
||||
char * prefix, char * result_str )
|
||||
{
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
struct buffer_data buffer;
|
||||
mbedtls_mpi val;
|
||||
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_mpi_init( &val );
|
||||
memset( buffer.buf, 0, 2000 );
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 );
|
||||
|
||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);
|
||||
|
||||
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_mpi_free( &val );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
}
|
||||
/* END_CASE */
|
59
tests/suites/test_suite_ssl.data
Normal file
59
tests/suites/test_suite_ssl.data
Normal file
@ -0,0 +1,59 @@
|
||||
SSL DTLS replay: initial state, seqnum 0
|
||||
ssl_dtls_replay:"":"000000000000":0
|
||||
|
||||
SSL DTLS replay: 0 seen, 1 arriving
|
||||
ssl_dtls_replay:"000000000000":"000000000001":0
|
||||
|
||||
SSL DTLS replay: 0 seen, 0 replayed
|
||||
ssl_dtls_replay:"000000000000":"000000000000":-1
|
||||
|
||||
SSL DTLS replay: 0-1 seen, 2 arriving
|
||||
ssl_dtls_replay:"000000000000000000000001":"000000000002":0
|
||||
|
||||
SSL DTLS replay: 0-1 seen, 1 replayed
|
||||
ssl_dtls_replay:"000000000000000000000001":"000000000001":-1
|
||||
|
||||
SSL DTLS replay: 0-1 seen, 0 replayed
|
||||
ssl_dtls_replay:"000000000000000000000001":"000000000000":-1
|
||||
|
||||
SSL DTLS replay: new
|
||||
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340004":0
|
||||
|
||||
SSL DTLS replay: way new
|
||||
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12350000":0
|
||||
|
||||
SSL DTLS replay: delayed
|
||||
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340002":0
|
||||
|
||||
SSL DTLS replay: lastest replayed
|
||||
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340003":-1
|
||||
|
||||
SSL DTLS replay: older replayed
|
||||
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340001":-1
|
||||
|
||||
SSL DTLS replay: most recent in window, replayed
|
||||
ssl_dtls_replay:"abcd12340000abcd12340002abcd12340003":"abcd12340002":-1
|
||||
|
||||
SSL DTLS replay: oldest in window, replayed
|
||||
ssl_dtls_replay:"abcd12340000abcd12340001abcd1234003f":"abcd12340000":-1
|
||||
|
||||
SSL DTLS replay: oldest in window, not replayed
|
||||
ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12340000":0
|
||||
|
||||
SSL DTLS replay: just out of the window
|
||||
ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd1233ffff":-1
|
||||
|
||||
SSL DTLS replay: way out of the window
|
||||
ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12330000":-1
|
||||
|
||||
SSL DTLS replay: big jump then replay
|
||||
ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340100":-1
|
||||
|
||||
SSL DTLS replay: big jump then new
|
||||
ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340101":0
|
||||
|
||||
SSL DTLS replay: big jump then just delayed
|
||||
ssl_dtls_replay:"abcd12340000abcd12340100":"abcd123400ff":0
|
||||
|
||||
SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice
|
||||
ssl_set_hostname_twice:"server0":"server1"
|
54
tests/suites/test_suite_ssl.function
Normal file
54
tests/suites/test_suite_ssl.function
Normal file
@ -0,0 +1,54 @@
|
||||
/* BEGIN_HEADER */
|
||||
#include <mbedtls/ssl.h>
|
||||
#include <mbedtls/ssl_internal.h>
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_DEPENDENCIES
|
||||
* depends_on:MBEDTLS_SSL_TLS_C
|
||||
* END_DEPENDENCIES
|
||||
*/
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
|
||||
void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
|
||||
{
|
||||
uint32_t len = 0;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
/* Read previous record numbers */
|
||||
for( len = 0; len < prevs->len; len += 6 )
|
||||
{
|
||||
memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
|
||||
mbedtls_ssl_dtls_replay_update( &ssl );
|
||||
}
|
||||
|
||||
/* Check new number */
|
||||
memcpy( ssl.in_ctr + 2, new->x, 6 );
|
||||
TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
|
||||
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
|
||||
{
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_init( &ssl );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
|
||||
TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
|
||||
|
||||
mbedtls_ssl_free( &ssl );
|
||||
}
|
||||
/* END_CASE */
|
1995
tests/suites/test_suite_x509parse.data
Normal file
1995
tests/suites/test_suite_x509parse.data
Normal file
File diff suppressed because it is too large
Load Diff
861
tests/suites/test_suite_x509parse.function
Normal file
861
tests/suites/test_suite_x509parse.function
Normal file
@ -0,0 +1,861 @@
|
||||
/* BEGIN_HEADER */
|
||||
#include "mbedtls/bignum.h"
|
||||
#include "mbedtls/x509.h"
|
||||
#include "mbedtls/x509_crt.h"
|
||||
#include "mbedtls/x509_crl.h"
|
||||
#include "mbedtls/x509_csr.h"
|
||||
#include "mbedtls/pem.h"
|
||||
#include "mbedtls/oid.h"
|
||||
#include "mbedtls/base64.h"
|
||||
#include "string.h"
|
||||
|
||||
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
|
||||
#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
|
||||
than the current threshold 19. To test larger values, please \
|
||||
adapt the script tests/data_files/dir-max/long.sh."
|
||||
#endif
|
||||
|
||||
/* Profile for backward compatibility. Allows SHA-1, unlike the default
|
||||
profile. */
|
||||
const mbedtls_x509_crt_profile compat_profile =
|
||||
{
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
|
||||
0xFFFFFFF, /* Any PK alg */
|
||||
0xFFFFFFF, /* Any curve */
|
||||
1024,
|
||||
};
|
||||
|
||||
const mbedtls_x509_crt_profile profile_rsa3072 =
|
||||
{
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ),
|
||||
0,
|
||||
3072,
|
||||
};
|
||||
|
||||
const mbedtls_x509_crt_profile profile_sha512 =
|
||||
{
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
|
||||
0xFFFFFFF, /* Any PK alg */
|
||||
0xFFFFFFF, /* Any curve */
|
||||
1024,
|
||||
};
|
||||
|
||||
int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
|
||||
{
|
||||
((void) data);
|
||||
((void) crt);
|
||||
((void) certificate_depth);
|
||||
*flags |= MBEDTLS_X509_BADCERT_OTHER;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
|
||||
{
|
||||
((void) data);
|
||||
((void) crt);
|
||||
((void) certificate_depth);
|
||||
*flags = 0;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
|
||||
{
|
||||
int *levels = (int *) data;
|
||||
|
||||
((void) crt);
|
||||
((void) certificate_depth);
|
||||
|
||||
/* Simulate a fatal error in the callback */
|
||||
if( *levels & ( 1 << certificate_depth ) )
|
||||
{
|
||||
*flags |= ( 1 << certificate_depth );
|
||||
return( -1 - certificate_depth );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/* strsep() not available on Windows */
|
||||
char *mystrsep(char **stringp, const char *delim)
|
||||
{
|
||||
const char *p;
|
||||
char *ret = *stringp;
|
||||
|
||||
if( *stringp == NULL )
|
||||
return( NULL );
|
||||
|
||||
for( ; ; (*stringp)++ )
|
||||
{
|
||||
if( **stringp == '\0' )
|
||||
{
|
||||
*stringp = NULL;
|
||||
goto done;
|
||||
}
|
||||
|
||||
for( p = delim; *p != '\0'; p++ )
|
||||
if( **stringp == *p )
|
||||
{
|
||||
**stringp = '\0';
|
||||
(*stringp)++;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
done:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
typedef struct {
|
||||
char buf[512];
|
||||
char *p;
|
||||
} verify_print_context;
|
||||
|
||||
void verify_print_init( verify_print_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( verify_print_context ) );
|
||||
ctx->p = ctx->buf;
|
||||
}
|
||||
|
||||
int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
|
||||
{
|
||||
int ret;
|
||||
verify_print_context *ctx = (verify_print_context *) data;
|
||||
char *p = ctx->p;
|
||||
size_t n = ctx->buf + sizeof( ctx->buf ) - ctx->p;
|
||||
((void) flags);
|
||||
|
||||
ret = mbedtls_snprintf( p, n, "depth %d - serial ", certificate_depth );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
ret = mbedtls_snprintf( p, n, " - subject " );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
ret = mbedtls_snprintf( p, n, " - flags 0x%08x\n", *flags );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
ctx->p = p;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_DEPENDENCIES
|
||||
* depends_on:MBEDTLS_BIGNUM_C
|
||||
* END_DEPENDENCIES
|
||||
*/
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void x509_cert_info( char * crt_file, char * result_str )
|
||||
{
|
||||
mbedtls_x509_crt crt;
|
||||
char buf[2000];
|
||||
int res;
|
||||
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
memset( buf, 0, 2000 );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||
res = mbedtls_x509_crt_info( buf, 2000, "", &crt );
|
||||
|
||||
TEST_ASSERT( res != -1 );
|
||||
TEST_ASSERT( res != -2 );
|
||||
|
||||
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
|
||||
void mbedtls_x509_crl_info( char * crl_file, char * result_str )
|
||||
{
|
||||
mbedtls_x509_crl crl;
|
||||
char buf[2000];
|
||||
int res;
|
||||
|
||||
mbedtls_x509_crl_init( &crl );
|
||||
memset( buf, 0, 2000 );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
|
||||
res = mbedtls_x509_crl_info( buf, 2000, "", &crl );
|
||||
|
||||
TEST_ASSERT( res != -1 );
|
||||
TEST_ASSERT( res != -2 );
|
||||
|
||||
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crl_free( &crl );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
|
||||
void mbedtls_x509_crl_parse( char * crl_file, int result )
|
||||
{
|
||||
mbedtls_x509_crl crl;
|
||||
char buf[2000];
|
||||
|
||||
mbedtls_x509_crl_init( &crl );
|
||||
memset( buf, 0, 2000 );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == result );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crl_free( &crl );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */
|
||||
void mbedtls_x509_csr_info( char * csr_file, char * result_str )
|
||||
{
|
||||
mbedtls_x509_csr csr;
|
||||
char buf[2000];
|
||||
int res;
|
||||
|
||||
mbedtls_x509_csr_init( &csr );
|
||||
memset( buf, 0, 2000 );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_csr_parse_file( &csr, csr_file ) == 0 );
|
||||
res = mbedtls_x509_csr_info( buf, 2000, "", &csr );
|
||||
|
||||
TEST_ASSERT( res != -1 );
|
||||
TEST_ASSERT( res != -2 );
|
||||
|
||||
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_csr_free( &csr );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void x509_verify_info( int flags, char * prefix, char * result_str )
|
||||
{
|
||||
char buf[2000];
|
||||
int res;
|
||||
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
|
||||
res = mbedtls_x509_crt_verify_info( buf, sizeof( buf ), prefix, flags );
|
||||
|
||||
TEST_ASSERT( res >= 0 );
|
||||
|
||||
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */
|
||||
void x509_verify_restart( char *crt_file, char *ca_file,
|
||||
int result, int flags_result,
|
||||
int max_ops, int min_restart, int max_restart )
|
||||
{
|
||||
int ret, cnt_restart;
|
||||
mbedtls_x509_crt_restart_ctx rs_ctx;
|
||||
mbedtls_x509_crt crt;
|
||||
mbedtls_x509_crt ca;
|
||||
uint32_t flags = 0;
|
||||
|
||||
/*
|
||||
* See comments on ecp_test_vect_restart() for op count precision.
|
||||
*
|
||||
* For reference, with mbed TLS 2.6 and default settings:
|
||||
* - ecdsa_verify() for P-256: ~ 6700
|
||||
* - ecdsa_verify() for P-384: ~ 18800
|
||||
* - x509_verify() for server5 -> test-ca2: ~ 18800
|
||||
* - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500
|
||||
*/
|
||||
|
||||
mbedtls_x509_crt_restart_init( &rs_ctx );
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
mbedtls_x509_crt_init( &ca );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
|
||||
|
||||
mbedtls_ecp_set_max_ops( max_ops );
|
||||
|
||||
cnt_restart = 0;
|
||||
do {
|
||||
ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
|
||||
&mbedtls_x509_crt_profile_default, NULL, &flags,
|
||||
NULL, NULL, &rs_ctx );
|
||||
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
||||
|
||||
TEST_ASSERT( ret == result );
|
||||
TEST_ASSERT( flags == (uint32_t) flags_result );
|
||||
|
||||
TEST_ASSERT( cnt_restart >= min_restart );
|
||||
TEST_ASSERT( cnt_restart <= max_restart );
|
||||
|
||||
/* Do we leak memory when aborting? */
|
||||
ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
|
||||
&mbedtls_x509_crt_profile_default, NULL, &flags,
|
||||
NULL, NULL, &rs_ctx );
|
||||
TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_restart_free( &rs_ctx );
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
mbedtls_x509_crt_free( &ca );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
|
||||
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
|
||||
char *cn_name_str, int result, int flags_result,
|
||||
char *profile_str,
|
||||
char *verify_callback )
|
||||
{
|
||||
mbedtls_x509_crt crt;
|
||||
mbedtls_x509_crt ca;
|
||||
mbedtls_x509_crl crl;
|
||||
uint32_t flags = 0;
|
||||
int res;
|
||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
|
||||
char * cn_name = NULL;
|
||||
const mbedtls_x509_crt_profile *profile;
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
TEST_ASSERT( psa_crypto_init() == 0 );
|
||||
#endif
|
||||
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
mbedtls_x509_crt_init( &ca );
|
||||
mbedtls_x509_crl_init( &crl );
|
||||
|
||||
if( strcmp( cn_name_str, "NULL" ) != 0 )
|
||||
cn_name = cn_name_str;
|
||||
|
||||
if( strcmp( profile_str, "" ) == 0 )
|
||||
profile = &mbedtls_x509_crt_profile_default;
|
||||
else if( strcmp( profile_str, "next" ) == 0 )
|
||||
profile = &mbedtls_x509_crt_profile_next;
|
||||
else if( strcmp( profile_str, "suite_b" ) == 0 )
|
||||
profile = &mbedtls_x509_crt_profile_suiteb;
|
||||
else if( strcmp( profile_str, "compat" ) == 0 )
|
||||
profile = &compat_profile;
|
||||
else
|
||||
TEST_ASSERT( "Unknown algorithm profile" == 0 );
|
||||
|
||||
if( strcmp( verify_callback, "NULL" ) == 0 )
|
||||
f_vrfy = NULL;
|
||||
else if( strcmp( verify_callback, "verify_none" ) == 0 )
|
||||
f_vrfy = verify_none;
|
||||
else if( strcmp( verify_callback, "verify_all" ) == 0 )
|
||||
f_vrfy = verify_all;
|
||||
else
|
||||
TEST_ASSERT( "No known verify callback selected" == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
|
||||
TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
|
||||
|
||||
res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL );
|
||||
|
||||
TEST_ASSERT( res == ( result ) );
|
||||
TEST_ASSERT( flags == (uint32_t)( flags_result ) );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
mbedtls_x509_crt_free( &ca );
|
||||
mbedtls_x509_crl_free( &crl );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void x509_verify_callback( char *crt_file, char *ca_file, char *name,
|
||||
int exp_ret, char *exp_vrfy_out )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_x509_crt crt;
|
||||
mbedtls_x509_crt ca;
|
||||
uint32_t flags = 0;
|
||||
verify_print_context vrfy_ctx;
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
TEST_ASSERT( psa_crypto_init() == 0 );
|
||||
#endif
|
||||
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
mbedtls_x509_crt_init( &ca );
|
||||
verify_print_init( &vrfy_ctx );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
|
||||
|
||||
if( strcmp( name, "NULL" ) == 0 )
|
||||
name = NULL;
|
||||
|
||||
ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL,
|
||||
&compat_profile,
|
||||
name, &flags,
|
||||
verify_print, &vrfy_ctx );
|
||||
|
||||
TEST_ASSERT( ret == exp_ret );
|
||||
TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
mbedtls_x509_crt_free( &ca );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str )
|
||||
{
|
||||
mbedtls_x509_crt crt;
|
||||
char buf[2000];
|
||||
int res = 0;
|
||||
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
memset( buf, 0, 2000 );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||
if( strcmp( entity, "subject" ) == 0 )
|
||||
res = mbedtls_x509_dn_gets( buf, 2000, &crt.subject );
|
||||
else if( strcmp( entity, "issuer" ) == 0 )
|
||||
res = mbedtls_x509_dn_gets( buf, 2000, &crt.issuer );
|
||||
else
|
||||
TEST_ASSERT( "Unknown entity" == 0 );
|
||||
|
||||
TEST_ASSERT( res != -1 );
|
||||
TEST_ASSERT( res != -2 );
|
||||
|
||||
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void mbedtls_x509_time_is_past( char * crt_file, char * entity, int result )
|
||||
{
|
||||
mbedtls_x509_crt crt;
|
||||
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||
|
||||
if( strcmp( entity, "valid_from" ) == 0 )
|
||||
TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_from ) == result );
|
||||
else if( strcmp( entity, "valid_to" ) == 0 )
|
||||
TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_to ) == result );
|
||||
else
|
||||
TEST_ASSERT( "Unknown entity" == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void mbedtls_x509_time_is_future( char * crt_file, char * entity, int result )
|
||||
{
|
||||
mbedtls_x509_crt crt;
|
||||
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||
|
||||
if( strcmp( entity, "valid_from" ) == 0 )
|
||||
TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_from ) == result );
|
||||
else if( strcmp( entity, "valid_to" ) == 0 )
|
||||
TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_to ) == result );
|
||||
else
|
||||
TEST_ASSERT( "Unknown entity" == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
|
||||
void x509parse_crt_file( char * crt_file, int result )
|
||||
{
|
||||
mbedtls_x509_crt crt;
|
||||
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == result );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void x509parse_crt( data_t * buf, char * result_str, int result )
|
||||
{
|
||||
mbedtls_x509_crt crt;
|
||||
unsigned char output[2000];
|
||||
int res;
|
||||
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
memset( output, 0, 2000 );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) );
|
||||
if( ( result ) == 0 )
|
||||
{
|
||||
res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
|
||||
|
||||
TEST_ASSERT( res != -1 );
|
||||
TEST_ASSERT( res != -2 );
|
||||
|
||||
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
|
||||
}
|
||||
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
memset( output, 0, 2000 );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) );
|
||||
if( ( result ) == 0 )
|
||||
{
|
||||
res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
|
||||
|
||||
TEST_ASSERT( res != -1 );
|
||||
TEST_ASSERT( res != -2 );
|
||||
|
||||
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */
|
||||
void x509parse_crl( data_t * buf, char * result_str, int result )
|
||||
{
|
||||
mbedtls_x509_crl crl;
|
||||
unsigned char output[2000];
|
||||
int res;
|
||||
|
||||
mbedtls_x509_crl_init( &crl );
|
||||
memset( output, 0, 2000 );
|
||||
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf->x, buf->len ) == ( result ) );
|
||||
if( ( result ) == 0 )
|
||||
{
|
||||
res = mbedtls_x509_crl_info( (char *) output, 2000, "", &crl );
|
||||
|
||||
TEST_ASSERT( res != -1 );
|
||||
TEST_ASSERT( res != -2 );
|
||||
|
||||
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crl_free( &crl );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */
|
||||
void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret )
|
||||
{
|
||||
mbedtls_x509_csr csr;
|
||||
char my_out[1000];
|
||||
int my_ret;
|
||||
|
||||
mbedtls_x509_csr_init( &csr );
|
||||
memset( my_out, 0, sizeof( my_out ) );
|
||||
|
||||
my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der->x, csr_der->len );
|
||||
TEST_ASSERT( my_ret == ref_ret );
|
||||
|
||||
if( ref_ret == 0 )
|
||||
{
|
||||
size_t my_out_len = mbedtls_x509_csr_info( my_out, sizeof( my_out ), "", &csr );
|
||||
TEST_ASSERT( my_out_len == strlen( ref_out ) );
|
||||
TEST_ASSERT( strcmp( my_out, ref_out ) == 0 );
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_x509_csr_free( &csr );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void mbedtls_x509_crt_parse_path( char * crt_path, int ret, int nb_crt )
|
||||
{
|
||||
mbedtls_x509_crt chain, *cur;
|
||||
int i;
|
||||
|
||||
mbedtls_x509_crt_init( &chain );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_path( &chain, crt_path ) == ret );
|
||||
|
||||
/* Check how many certs we got */
|
||||
for( i = 0, cur = &chain; cur != NULL; cur = cur->next )
|
||||
if( cur->raw.p != NULL )
|
||||
i++;
|
||||
|
||||
TEST_ASSERT( i == nb_crt );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &chain );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int,
|
||||
int ret_chk, int flags_chk )
|
||||
{
|
||||
char file_buf[128];
|
||||
int ret;
|
||||
uint32_t flags;
|
||||
mbedtls_x509_crt trusted, chain;
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
TEST_ASSERT( psa_crypto_init() == 0 );
|
||||
#endif
|
||||
|
||||
/*
|
||||
* We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
|
||||
* with NN.crt signed by NN-1.crt
|
||||
*/
|
||||
|
||||
mbedtls_x509_crt_init( &trusted );
|
||||
mbedtls_x509_crt_init( &chain );
|
||||
|
||||
/* Load trusted root */
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, ca_file ) == 0 );
|
||||
|
||||
/* Load a chain with nb_int intermediates (from 01 to nb_int),
|
||||
* plus one "end-entity" cert (nb_int + 1) */
|
||||
ret = mbedtls_snprintf( file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir,
|
||||
nb_int + 1 );
|
||||
TEST_ASSERT( ret > 0 && (size_t) ret < sizeof file_buf );
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, file_buf ) == 0 );
|
||||
|
||||
/* Try to verify that chain */
|
||||
ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags,
|
||||
NULL, NULL );
|
||||
TEST_ASSERT( ret == ret_chk );
|
||||
TEST_ASSERT( flags == (uint32_t) flags_chk );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &chain );
|
||||
mbedtls_x509_crt_free( &trusted );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca,
|
||||
int flags_result, int result,
|
||||
char *profile_name, int vrfy_fatal_lvls )
|
||||
{
|
||||
char* act;
|
||||
uint32_t flags;
|
||||
int res;
|
||||
mbedtls_x509_crt trusted, chain;
|
||||
const mbedtls_x509_crt_profile *profile = NULL;
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
TEST_ASSERT( psa_crypto_init() == 0 );
|
||||
#endif
|
||||
|
||||
mbedtls_x509_crt_init( &chain );
|
||||
mbedtls_x509_crt_init( &trusted );
|
||||
|
||||
while( ( act = mystrsep( &chain_paths, " " ) ) != NULL )
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, act ) == 0 );
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 );
|
||||
|
||||
if( strcmp( profile_name, "" ) == 0 )
|
||||
profile = &mbedtls_x509_crt_profile_default;
|
||||
else if( strcmp( profile_name, "next" ) == 0 )
|
||||
profile = &mbedtls_x509_crt_profile_next;
|
||||
else if( strcmp( profile_name, "suiteb" ) == 0 )
|
||||
profile = &mbedtls_x509_crt_profile_suiteb;
|
||||
else if( strcmp( profile_name, "rsa3072" ) == 0 )
|
||||
profile = &profile_rsa3072;
|
||||
else if( strcmp( profile_name, "sha512" ) == 0 )
|
||||
profile = &profile_sha512;
|
||||
|
||||
res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile,
|
||||
NULL, &flags, verify_fatal, &vrfy_fatal_lvls );
|
||||
|
||||
TEST_ASSERT( res == ( result ) );
|
||||
TEST_ASSERT( flags == (uint32_t)( flags_result ) );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &trusted );
|
||||
mbedtls_x509_crt_free( &chain );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
|
||||
void x509_oid_desc( data_t * buf, char * ref_desc )
|
||||
{
|
||||
mbedtls_x509_buf oid;
|
||||
const char *desc = NULL;
|
||||
int ret;
|
||||
|
||||
|
||||
oid.tag = MBEDTLS_ASN1_OID;
|
||||
oid.p = buf->x;
|
||||
oid.len = buf->len;
|
||||
|
||||
ret = mbedtls_oid_get_extended_key_usage( &oid, &desc );
|
||||
|
||||
if( strcmp( ref_desc, "notfound" ) == 0 )
|
||||
{
|
||||
TEST_ASSERT( ret != 0 );
|
||||
TEST_ASSERT( desc == NULL );
|
||||
}
|
||||
else
|
||||
{
|
||||
TEST_ASSERT( ret == 0 );
|
||||
TEST_ASSERT( desc != NULL );
|
||||
TEST_ASSERT( strcmp( desc, ref_desc ) == 0 );
|
||||
}
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
|
||||
void x509_oid_numstr( data_t * oid_buf, char * numstr, int blen, int ret )
|
||||
{
|
||||
mbedtls_x509_buf oid;
|
||||
char num_buf[100];
|
||||
|
||||
memset( num_buf, 0x2a, sizeof num_buf );
|
||||
|
||||
oid.tag = MBEDTLS_ASN1_OID;
|
||||
oid.p = oid_buf->x;
|
||||
oid.len = oid_buf->len;
|
||||
|
||||
TEST_ASSERT( (size_t) blen <= sizeof num_buf );
|
||||
|
||||
TEST_ASSERT( mbedtls_oid_get_numeric_string( num_buf, blen, &oid ) == ret );
|
||||
|
||||
if( ret >= 0 )
|
||||
{
|
||||
TEST_ASSERT( num_buf[ret] == 0 );
|
||||
TEST_ASSERT( strcmp( num_buf, numstr ) == 0 );
|
||||
}
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */
|
||||
void x509_check_key_usage( char * crt_file, int usage, int ret )
|
||||
{
|
||||
mbedtls_x509_crt crt;
|
||||
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_check_key_usage( &crt, usage ) == ret );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
|
||||
void x509_check_extended_key_usage( char * crt_file, data_t * oid, int ret
|
||||
)
|
||||
{
|
||||
mbedtls_x509_crt crt;
|
||||
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, (const char *)oid->x, oid->len ) == ret );
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
|
||||
void x509_get_time( int tag, char * time_str, int ret, int year, int mon,
|
||||
int day, int hour, int min, int sec )
|
||||
{
|
||||
mbedtls_x509_time time;
|
||||
unsigned char buf[21];
|
||||
unsigned char* start = buf;
|
||||
unsigned char* end = buf;
|
||||
|
||||
memset( &time, 0x00, sizeof( time ) );
|
||||
*end = (unsigned char)tag; end++;
|
||||
*end = strlen( time_str );
|
||||
TEST_ASSERT( *end < 20 );
|
||||
end++;
|
||||
memcpy( end, time_str, (size_t)*(end - 1) );
|
||||
end += *(end - 1);
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_get_time( &start, end, &time ) == ret );
|
||||
if( ret == 0 )
|
||||
{
|
||||
TEST_ASSERT( year == time.year );
|
||||
TEST_ASSERT( mon == time.mon );
|
||||
TEST_ASSERT( day == time.day );
|
||||
TEST_ASSERT( hour == time.hour );
|
||||
TEST_ASSERT( min == time.min );
|
||||
TEST_ASSERT( sec == time.sec );
|
||||
}
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
|
||||
void x509_parse_rsassa_pss_params( data_t * hex_params, int params_tag,
|
||||
int ref_msg_md, int ref_mgf_md,
|
||||
int ref_salt_len, int ref_ret )
|
||||
{
|
||||
int my_ret;
|
||||
mbedtls_x509_buf params;
|
||||
mbedtls_md_type_t my_msg_md, my_mgf_md;
|
||||
int my_salt_len;
|
||||
|
||||
params.p = hex_params->x;
|
||||
params.len = hex_params->len;
|
||||
params.tag = params_tag;
|
||||
|
||||
my_ret = mbedtls_x509_get_rsassa_pss_params( ¶ms, &my_msg_md, &my_mgf_md,
|
||||
&my_salt_len );
|
||||
|
||||
TEST_ASSERT( my_ret == ref_ret );
|
||||
|
||||
if( ref_ret == 0 )
|
||||
{
|
||||
TEST_ASSERT( my_msg_md == (mbedtls_md_type_t) ref_msg_md );
|
||||
TEST_ASSERT( my_mgf_md == (mbedtls_md_type_t) ref_mgf_md );
|
||||
TEST_ASSERT( my_salt_len == ref_salt_len );
|
||||
}
|
||||
|
||||
exit:
|
||||
;;
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */
|
||||
void x509_selftest( )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_x509_self_test( 1 ) == 0 );
|
||||
}
|
||||
/* END_CASE */
|
105
tests/suites/test_suite_x509write.data
Normal file
105
tests/suites/test_suite_x509write.data
Normal file
@ -0,0 +1,105 @@
|
||||
Certificate Request check Server1 SHA1
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0
|
||||
|
||||
Certificate Request check Server1 SHA224
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0
|
||||
|
||||
Certificate Request check Server1 SHA256
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0
|
||||
|
||||
Certificate Request check Server1 SHA384
|
||||
depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0
|
||||
|
||||
Certificate Request check Server1 SHA512
|
||||
depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0
|
||||
|
||||
Certificate Request check Server1 MD4
|
||||
depends_on:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0:0:0
|
||||
|
||||
Certificate Request check Server1 MD5
|
||||
depends_on:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0
|
||||
|
||||
Certificate Request check Server1 key_usage
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0
|
||||
|
||||
Certificate Request check Server1 key_usage empty
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0
|
||||
|
||||
Certificate Request check Server1 ns_cert_type
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1
|
||||
|
||||
Certificate Request check Server1 ns_cert_type empty
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type_empty":MBEDTLS_MD_SHA1:0:0:0:1
|
||||
|
||||
Certificate Request check Server1 key_usage + ns_cert_type
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1
|
||||
|
||||
Certificate Request check Server5 ECDSA, key_usage
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0
|
||||
|
||||
Certificate Request check opaque Server5 ECDSA, key_usage
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
|
||||
|
||||
Certificate write check Server1 SHA1
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, key_usage
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, ns_cert_type
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, version 1
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.noauthid.crt":1
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT, key_usage
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT, version 1
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1
|
||||
|
||||
X509 String to Names #1
|
||||
mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
|
||||
|
||||
X509 String to Names #2
|
||||
mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_UNKNOWN_OID
|
||||
|
||||
X509 String to Names #3 (Name precisely 255 bytes)
|
||||
mbedtls_x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0
|
||||
|
||||
X509 String to Names #4 (Name larger than 255 bytes)
|
||||
mbedtls_x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
|
||||
|
||||
X509 String to Names #5 (Escape non-allowed characters)
|
||||
mbedtls_x509_string_to_names:"C=NL, O=Offspark\a Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
|
||||
|
||||
X509 String to Names #6 (Escape at end)
|
||||
mbedtls_x509_string_to_names:"C=NL, O=Offspark\":"":MBEDTLS_ERR_X509_INVALID_NAME
|
338
tests/suites/test_suite_x509write.function
Normal file
338
tests/suites/test_suite_x509write.function
Normal file
@ -0,0 +1,338 @@
|
||||
/* BEGIN_HEADER */
|
||||
#include "mbedtls/bignum.h"
|
||||
#include "mbedtls/x509_crt.h"
|
||||
#include "mbedtls/x509_csr.h"
|
||||
#include "mbedtls/pem.h"
|
||||
#include "mbedtls/oid.h"
|
||||
#include "mbedtls/rsa.h"
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "psa/crypto.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
size_t output_max_len )
|
||||
{
|
||||
return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen,
|
||||
input, output, output_max_len ) );
|
||||
}
|
||||
int mbedtls_rsa_sign_func( void *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
|
||||
const unsigned char *hash, unsigned char *sig )
|
||||
{
|
||||
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode,
|
||||
md_alg, hashlen, hash, sig ) );
|
||||
}
|
||||
size_t mbedtls_rsa_key_len_func( void *ctx )
|
||||
{
|
||||
return( ((const mbedtls_rsa_context *) ctx)->len );
|
||||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
static int x509_crt_verifycsr( const unsigned char *buf, size_t buflen )
|
||||
{
|
||||
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
||||
const mbedtls_md_info_t *md_info;
|
||||
mbedtls_x509_csr csr;
|
||||
|
||||
if( mbedtls_x509_csr_parse( &csr, buf, buflen ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
||||
|
||||
md_info = mbedtls_md_info_from_type( csr.sig_md );
|
||||
if( mbedtls_md( md_info, csr.cri.p, csr.cri.len, hash ) != 0 )
|
||||
{
|
||||
/* Note: this can't happen except after an internal error */
|
||||
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
if( mbedtls_pk_verify_ext( csr.sig_pk, csr.sig_opts, &csr.pk,
|
||||
csr.sig_md, hash, mbedtls_md_get_size( md_info ),
|
||||
csr.sig.p, csr.sig.len ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_DEPENDENCIES
|
||||
* depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C
|
||||
* END_DEPENDENCIES
|
||||
*/
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */
|
||||
void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
|
||||
int key_usage, int set_key_usage, int cert_type,
|
||||
int set_cert_type )
|
||||
{
|
||||
mbedtls_pk_context key;
|
||||
mbedtls_x509write_csr req;
|
||||
unsigned char buf[4096];
|
||||
unsigned char check_buf[4000];
|
||||
int ret;
|
||||
size_t olen = 0, pem_len = 0;
|
||||
int der_len = -1;
|
||||
FILE *f;
|
||||
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
|
||||
rnd_pseudo_info rnd_info;
|
||||
|
||||
memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
|
||||
|
||||
mbedtls_pk_init( &key );
|
||||
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
|
||||
|
||||
mbedtls_x509write_csr_init( &req );
|
||||
mbedtls_x509write_csr_set_md_alg( &req, md_type );
|
||||
mbedtls_x509write_csr_set_key( &req, &key );
|
||||
TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
|
||||
if( set_key_usage != 0 )
|
||||
TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
|
||||
if( set_cert_type != 0 )
|
||||
TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
|
||||
|
||||
ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ),
|
||||
rnd_pseudo_rand, &rnd_info );
|
||||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
pem_len = strlen( (char *) buf );
|
||||
|
||||
f = fopen( cert_req_check_file, "r" );
|
||||
TEST_ASSERT( f != NULL );
|
||||
olen = fread( check_buf, 1, sizeof( check_buf ), f );
|
||||
fclose( f );
|
||||
|
||||
TEST_ASSERT( olen >= pem_len - 1 );
|
||||
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
|
||||
|
||||
der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ),
|
||||
rnd_pseudo_rand, &rnd_info );
|
||||
TEST_ASSERT( der_len >= 0 );
|
||||
|
||||
if( der_len == 0 )
|
||||
goto exit;
|
||||
|
||||
ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ),
|
||||
rnd_pseudo_rand, &rnd_info );
|
||||
TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
exit:
|
||||
mbedtls_x509write_csr_free( &req );
|
||||
mbedtls_pk_free( &key );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */
|
||||
void x509_csr_check_opaque( char *key_file, int md_type, int key_usage,
|
||||
int cert_type )
|
||||
{
|
||||
mbedtls_pk_context key;
|
||||
psa_key_handle_t slot;
|
||||
psa_algorithm_t md_alg_psa;
|
||||
mbedtls_x509write_csr req;
|
||||
unsigned char buf[4096];
|
||||
int ret;
|
||||
size_t pem_len = 0;
|
||||
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
|
||||
rnd_pseudo_info rnd_info;
|
||||
|
||||
psa_crypto_init();
|
||||
memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
|
||||
|
||||
md_alg_psa = mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type );
|
||||
TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
|
||||
|
||||
mbedtls_pk_init( &key );
|
||||
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
|
||||
TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &slot, md_alg_psa ) == 0 );
|
||||
|
||||
mbedtls_x509write_csr_init( &req );
|
||||
mbedtls_x509write_csr_set_md_alg( &req, md_type );
|
||||
mbedtls_x509write_csr_set_key( &req, &key );
|
||||
TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
|
||||
if( key_usage != 0 )
|
||||
TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
|
||||
if( cert_type != 0 )
|
||||
TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
|
||||
|
||||
ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ) - 1,
|
||||
rnd_pseudo_rand, &rnd_info );
|
||||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
pem_len = strlen( (char *) buf );
|
||||
buf[pem_len] = '\0';
|
||||
TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_x509write_csr_free( &req );
|
||||
mbedtls_pk_free( &key );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_SHA1_C */
|
||||
void x509_crt_check( char *subject_key_file, char *subject_pwd,
|
||||
char *subject_name, char *issuer_key_file,
|
||||
char *issuer_pwd, char *issuer_name,
|
||||
char *serial_str, char *not_before, char *not_after,
|
||||
int md_type, int key_usage, int set_key_usage,
|
||||
int cert_type, int set_cert_type, int auth_ident,
|
||||
int ver, char *cert_check_file, int rsa_alt )
|
||||
{
|
||||
mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
|
||||
mbedtls_pk_context *key = &issuer_key;
|
||||
|
||||
mbedtls_x509write_cert crt;
|
||||
unsigned char buf[4096];
|
||||
unsigned char check_buf[5000];
|
||||
mbedtls_mpi serial;
|
||||
int ret;
|
||||
size_t olen = 0, pem_len = 0;
|
||||
int der_len = -1;
|
||||
FILE *f;
|
||||
rnd_pseudo_info rnd_info;
|
||||
|
||||
memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
|
||||
mbedtls_mpi_init( &serial );
|
||||
|
||||
mbedtls_pk_init( &subject_key );
|
||||
mbedtls_pk_init( &issuer_key );
|
||||
mbedtls_pk_init( &issuer_key_alt );
|
||||
|
||||
mbedtls_x509write_crt_init( &crt );
|
||||
|
||||
TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file,
|
||||
subject_pwd ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
|
||||
issuer_pwd ) == 0 );
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
/* For RSA PK contexts, create a copy as an alternative RSA context. */
|
||||
if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt,
|
||||
mbedtls_pk_rsa( issuer_key ),
|
||||
mbedtls_rsa_decrypt_func,
|
||||
mbedtls_rsa_sign_func,
|
||||
mbedtls_rsa_key_len_func ) == 0 );
|
||||
|
||||
key = &issuer_key_alt;
|
||||
}
|
||||
#else
|
||||
(void) rsa_alt;
|
||||
#endif
|
||||
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 );
|
||||
|
||||
if( ver != -1 )
|
||||
mbedtls_x509write_crt_set_version( &crt, ver );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 );
|
||||
TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before,
|
||||
not_after ) == 0 );
|
||||
mbedtls_x509write_crt_set_md_alg( &crt, md_type );
|
||||
TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 );
|
||||
TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 );
|
||||
mbedtls_x509write_crt_set_subject_key( &crt, &subject_key );
|
||||
|
||||
mbedtls_x509write_crt_set_issuer_key( &crt, key );
|
||||
|
||||
if( crt.version >= MBEDTLS_X509_CRT_VERSION_3 )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 );
|
||||
TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 );
|
||||
if( auth_ident )
|
||||
TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 );
|
||||
if( set_key_usage != 0 )
|
||||
TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
|
||||
if( set_cert_type != 0 )
|
||||
TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
|
||||
}
|
||||
|
||||
ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ),
|
||||
rnd_pseudo_rand, &rnd_info );
|
||||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
pem_len = strlen( (char *) buf );
|
||||
|
||||
f = fopen( cert_check_file, "r" );
|
||||
TEST_ASSERT( f != NULL );
|
||||
olen = fread( check_buf, 1, sizeof( check_buf ), f );
|
||||
fclose( f );
|
||||
TEST_ASSERT( olen < sizeof( check_buf ) );
|
||||
|
||||
TEST_ASSERT( olen >= pem_len - 1 );
|
||||
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
|
||||
|
||||
der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ),
|
||||
rnd_pseudo_rand, &rnd_info );
|
||||
TEST_ASSERT( der_len >= 0 );
|
||||
|
||||
if( der_len == 0 )
|
||||
goto exit;
|
||||
|
||||
ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ),
|
||||
rnd_pseudo_rand, &rnd_info );
|
||||
TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
exit:
|
||||
mbedtls_x509write_crt_free( &crt );
|
||||
mbedtls_pk_free( &issuer_key_alt );
|
||||
mbedtls_pk_free( &subject_key );
|
||||
mbedtls_pk_free( &issuer_key );
|
||||
mbedtls_mpi_free( &serial );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */
|
||||
void mbedtls_x509_string_to_names( char * name, char * parsed_name, int result
|
||||
)
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
mbedtls_asn1_named_data *names = NULL;
|
||||
mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
|
||||
unsigned char buf[1024], out[1024], *c;
|
||||
|
||||
memset( &parsed, 0, sizeof( parsed ) );
|
||||
memset( out, 0, sizeof( out ) );
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
c = buf + sizeof( buf );
|
||||
|
||||
ret = mbedtls_x509_string_to_names( &names, name );
|
||||
TEST_ASSERT( ret == result );
|
||||
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
ret = mbedtls_x509_write_names( &c, buf, names );
|
||||
TEST_ASSERT( ret > 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_asn1_get_tag( &c, buf + sizeof( buf ), &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) == 0 );
|
||||
TEST_ASSERT( mbedtls_x509_get_name( &c, buf + sizeof( buf ), &parsed ) == 0 );
|
||||
|
||||
ret = mbedtls_x509_dn_gets( (char *) out, sizeof( out ), &parsed );
|
||||
TEST_ASSERT( ret > 0 );
|
||||
|
||||
TEST_ASSERT( strcmp( (char *) out, parsed_name ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_asn1_free_named_data_list( &names );
|
||||
|
||||
parsed_cur = parsed.next;
|
||||
while( parsed_cur != 0 )
|
||||
{
|
||||
parsed_prv = parsed_cur;
|
||||
parsed_cur = parsed_cur->next;
|
||||
mbedtls_free( parsed_prv );
|
||||
}
|
||||
}
|
||||
/* END_CASE */
|
Loading…
Reference in New Issue
Block a user