mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-01 04:20:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Test optional fields in authorityKeyId

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2023-04-18 08:38:16 +02:00
parent 0ad1006606
commit 1969f6a453
7 changed files with 57 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
tests/data_files/Makefile
View File

@ -551,7 +551,16 @@ crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem
all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem
authorityKeyId_subjectKeyId.crt.der: authorityKeyId_subjectKeyId.crt.der:
$(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out authorityKeyId_subjectKeyId.crt.der -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' $(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req'
authorityKeyId_no_keyid.crt.der:
$(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid'
authorityKeyId_no_issuer_serial.crt.der:
$(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_issuer_serial'
authorityKeyId_empty.crt.der:
$(OPENSSL) req -x509 -nodes -days 7300 -key server5.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_empty'
authorityKeyId_subjectKeyId_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der authorityKeyId_subjectKeyId_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
hexdump -ve '1/1 "%.2X"' $< | sed "s/04145061A58FD407D9D782010CE5657F8C6346A713BE/01145061A58FD407D9D782010CE5657F8C6346A713BE/" | xxd -r -p > $@ hexdump -ve '1/1 "%.2X"' $< | sed "s/04145061A58FD407D9D782010CE5657F8C6346A713BE/01145061A58FD407D9D782010CE5657F8C6346A713BE/" | xxd -r -p > $@

BIN
tests/data_files/authorityKeyId_empty.crt.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/authorityKeyId_no_issuer_serial.crt.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/authorityKeyId_no_keyid.crt.der Normal file
View File

Binary file not shown.

7
tests/data_files/authorityKeyId_subjectKeyId.conf
View File

@ -9,3 +9,10 @@ commonName = PolarSSL Test CA
[v3_req] [v3_req]
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always authorityKeyIdentifier = keyid:always,issuer:always
[v3_req_authorityKeyId_no_keyid]
subjectKeyIdentifier = hash
authorityKeyIdentifier = issuer:always
[v3_req_authorityKeyId_no_issuer_serial]
subjectKeyIdentifier = hash
[v3_req_authorityKeyId_empty]
subjectKeyIdentifier = hash

12
tests/suites/test_suite_x509parse.data
View File

@ -3313,6 +3313,18 @@ X509 CRT parse Authority Key Id - Correct Authority Key ID
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId.crt.der":"5061A58FD407D9D782010CE5657F8C6346A713BE":"NL/PolarSSL/PolarSSL Test CA/":"3960EFDE5674DE1F7B761699CF8E5C024E209452":0 x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId.crt.der":"5061A58FD407D9D782010CE5657F8C6346A713BE":"NL/PolarSSL/PolarSSL Test CA/":"3960EFDE5674DE1F7B761699CF8E5C024E209452":0
X509 CRT parse Authority Key Id - Correct Authority Key ID (no keyid)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_no_keyid.crt.der":"":"NL/PolarSSL/PolarSSL Test CA/":"51C00146259B5DA6E11ECEB078D490A296BBE1ED":0
X509 CRT parse Authority Key Id - Correct Authority Key ID (no issuer and serial)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_no_issuer_serial.crt.der":"5061A58FD407D9D782010CE5657F8C6346A713BE":"":"":0
X509 CRT parse Authority Key Id - Correct Authority Key ID (empty)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_empty.crt.der":"":"":"":0
X509 CRT parse Authority Key Id - Wrong Length X509 CRT parse Authority Key Id - Wrong Length
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH

47
tests/suites/test_suite_x509parse.function
View File

@ -1595,34 +1595,43 @@ void x509_crt_parse_authoritykeyid(char *file,
if (ref_ret == 0) { if (ref_ret == 0) {
/* KeyId test */ /* KeyId test */
TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == MBEDTLS_ASN1_OCTET_STRING); if (crt.authority_key_id.keyIdentifier.len > 0)
TEST_ASSERT(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len) == 0); {
TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == keyId->len); TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == MBEDTLS_ASN1_OCTET_STRING);
TEST_ASSERT(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len) == 0);
TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == keyId->len);
}
/* Issuer test */ /* Issuer test */
mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer; if (crt.authority_key_id.authorityCertIssuer.buf.len > 0)
{
mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer;
TEST_ASSERT(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san) == 0); TEST_ASSERT(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san) == 0);
pname = &san.san.directory_name; pname = &san.san.directory_name;
while (pname != NULL) { while (pname != NULL) {
for (issuerCounter = 0; issuerCounter < pname->val.len; issuerCounter++) { for (issuerCounter = 0; issuerCounter < pname->val.len; issuerCounter++) {
result |= result |=
(authorityKeyId_issuer[bufferCounter++] != pname->val.p[issuerCounter]); (authorityKeyId_issuer[bufferCounter++] != pname->val.p[issuerCounter]);
}
bufferCounter++; /* Skipping the slash */
pname = pname->next;
} }
bufferCounter++; /* Skipping the slash */ mbedtls_x509_free_subject_alt_name(&san);
pname = pname->next; TEST_ASSERT(result == 0);
} }
mbedtls_x509_free_subject_alt_name(&san);
TEST_ASSERT(result == 0);
/* Serial test */ /* Serial test */
TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag == if (crt.authority_key_id.authorityCertSerialNumber.len > 0)
MBEDTLS_ASN1_INTEGER); {
TEST_ASSERT(memcmp(crt.authority_key_id.authorityCertSerialNumber.p, TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag ==
serial->x, serial->len) == 0); MBEDTLS_ASN1_INTEGER);
TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == serial->len); TEST_ASSERT(memcmp(crt.authority_key_id.authorityCertSerialNumber.p,
serial->x, serial->len) == 0);
TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == serial->len);
}
} else { } else {
TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == 0); TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == 0);