Add test cases exercising successful verification of MD2/MD4/MD5 CRT

This commit is contained in:
Hanno Becker 2019-06-03 14:27:03 +01:00
parent 7b8abee4f5
commit 20a4ade3f5
2 changed files with 23 additions and 0 deletions

View file

@ -539,6 +539,18 @@ X509 Certificate verification #13 (Valid Cert MD5 Digest, MD5 forbidden)
depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
X509 Certificate verification #12 (Valid Cert MD2 Digest, MD2 allowed)
depends_on:MBEDTLS_MD2_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL"
X509 Certificate verification #12 (Valid Cert MD4 Digest, MD4 allowed)
depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL"
X509 Certificate verification #13 (Valid Cert MD5 Digest, MD5 allowed)
depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL"
X509 Certificate verification #14 (Valid Cert SHA1 Digest explicitly allowed in profile)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"

View file

@ -15,6 +15,15 @@ than the current threshold 19. To test larger values, please \
adapt the script tests/data_files/dir-max/long.sh."
#endif
/* Test-only profile allowing all digests, PK algorithms, and curves. */
const mbedtls_x509_crt_profile profile_all =
{
0xFFFFFFFF, /* Any MD */
0xFFFFFFFF, /* Any PK alg */
0xFFFFFFFF, /* Any curve */
1024,
};
/* Profile for backward compatibility. Allows SHA-1, unlike the default
profile. */
const mbedtls_x509_crt_profile compat_profile =
@ -531,6 +540,8 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file,
profile = &mbedtls_x509_crt_profile_suiteb;
else if( strcmp( profile_str, "compat" ) == 0 )
profile = &compat_profile;
else if( strcmp( profile_str, "all" ) == 0 )
profile = &profile_all;
else
TEST_ASSERT( "Unknown algorithm profile" == 0 );