Merge pull request #6866 from mprse/extract-key-ids
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
This commit is contained in:
Gilles Peskine
GitHub
commit
97edeb4fb8
9 changed files with 355 additions and 43 deletions
3
ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
Normal file
3
ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
Features
|
||||
* When parsing X.509 certificates, support the extensions
|
||||
SignatureKeyIdentifier and AuthorityKeyIdentifier.
|
||||
|
|
@ -243,6 +243,17 @@ typedef mbedtls_asn1_named_data mbedtls_x509_name;
|
|||
*/
|
||||
typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
|
||||
|
||||
/*
|
||||
* Container for the fields of the Authority Key Identifier object
|
||||
*/
|
||||
typedef struct mbedtls_x509_authority {
|
||||
mbedtls_x509_buf keyIdentifier;
|
||||
mbedtls_x509_sequence authorityCertIssuer;
|
||||
mbedtls_x509_buf authorityCertSerialNumber;
|
||||
mbedtls_x509_buf raw;
|
||||
}
|
||||
mbedtls_x509_authority;
|
||||
|
||||
/** Container for date and time (precision in seconds). */
|
||||
typedef struct mbedtls_x509_time {
|
||||
int year, mon, day; /**< Date. */
|
||||
|
|
@ -470,6 +481,9 @@ int mbedtls_x509_get_key_usage(unsigned char **p,
|
|||
int mbedtls_x509_get_subject_alt_name(unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_x509_sequence *subject_alt_name);
|
||||
int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_x509_sequence *subject_alt_name);
|
||||
int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
|
||||
const mbedtls_x509_sequence
|
||||
*subject_alt_name,
|
||||
|
|
|
|||
|
|
@ -76,6 +76,8 @@ typedef struct mbedtls_x509_crt {
|
|||
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
|
||||
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
|
||||
mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName, uniformResourceIdentifier, DirectoryName and OtherName are listed). */
|
||||
mbedtls_x509_buf subject_key_id; /**< Optional X.509 v3 extension subject key identifier. */
|
||||
mbedtls_x509_authority authority_key_id; /**< Optional X.509 v3 extension authority key identifier. */
|
||||
|
||||
mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
|
||||
|
||||
|
|
@ -559,6 +561,7 @@ int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path);
|
|||
int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path);
|
||||
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
#if !defined(MBEDTLS_X509_REMOVE_INFO)
|
||||
/**
|
||||
* \brief Returns an informational string about the
|
||||
|
|
|
|||
|
|
@ -318,6 +318,18 @@ static const oid_x509_ext_t oid_x509_ext[] =
|
|||
"Certificate Policies"),
|
||||
MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES,
|
||||
},
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
|
||||
"id-ce-subjectKeyIdentifier",
|
||||
"Subject Key Identifier"),
|
||||
MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER,
|
||||
},
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
|
||||
"id-ce-authorityKeyIdentifier",
|
||||
"Authority Key Identifier"),
|
||||
MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER,
|
||||
},
|
||||
{
|
||||
NULL_OID_DESCRIPTOR,
|
||||
0,
|
||||
|
|
|
|||
|
|
@ -1201,53 +1201,19 @@ static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name,
|
|||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* SubjectAltName ::= GeneralNames
|
||||
/* Check mbedtls_x509_get_subject_alt_name for detailed description.
|
||||
*
|
||||
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
|
||||
*
|
||||
* GeneralName ::= CHOICE {
|
||||
* otherName [0] OtherName,
|
||||
* rfc822Name [1] IA5String,
|
||||
* dNSName [2] IA5String,
|
||||
* x400Address [3] ORAddress,
|
||||
* directoryName [4] Name,
|
||||
* ediPartyName [5] EDIPartyName,
|
||||
* uniformResourceIdentifier [6] IA5String,
|
||||
* iPAddress [7] OCTET STRING,
|
||||
* registeredID [8] OBJECT IDENTIFIER }
|
||||
*
|
||||
* OtherName ::= SEQUENCE {
|
||||
* type-id OBJECT IDENTIFIER,
|
||||
* value [0] EXPLICIT ANY DEFINED BY type-id }
|
||||
*
|
||||
* EDIPartyName ::= SEQUENCE {
|
||||
* nameAssigner [0] DirectoryString OPTIONAL,
|
||||
* partyName [1] DirectoryString }
|
||||
*
|
||||
* We list all types, but use the following GeneralName types from RFC 5280:
|
||||
* "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
|
||||
* of type "otherName", as defined in RFC 4108.
|
||||
* In some cases while parsing subject alternative names the sequence tag is optional
|
||||
* (e.g. CertSerialNumber). This function is designed to handle such case.
|
||||
*/
|
||||
int mbedtls_x509_get_subject_alt_name(unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_x509_sequence *subject_alt_name)
|
||||
int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_x509_sequence *subject_alt_name)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t len, tag_len;
|
||||
size_t tag_len;
|
||||
mbedtls_asn1_sequence *cur = subject_alt_name;
|
||||
|
||||
/* Get main sequence tag */
|
||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
|
||||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||
}
|
||||
|
||||
if (*p + len != end) {
|
||||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
|
||||
}
|
||||
|
||||
while (*p < end) {
|
||||
mbedtls_x509_subject_alternative_name dummy_san_buf;
|
||||
mbedtls_x509_buf tmp_san_buf;
|
||||
|
|
@ -1315,6 +1281,55 @@ int mbedtls_x509_get_subject_alt_name(unsigned char **p,
|
|||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* SubjectAltName ::= GeneralNames
|
||||
*
|
||||
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
|
||||
*
|
||||
* GeneralName ::= CHOICE {
|
||||
* otherName [0] OtherName,
|
||||
* rfc822Name [1] IA5String,
|
||||
* dNSName [2] IA5String,
|
||||
* x400Address [3] ORAddress,
|
||||
* directoryName [4] Name,
|
||||
* ediPartyName [5] EDIPartyName,
|
||||
* uniformResourceIdentifier [6] IA5String,
|
||||
* iPAddress [7] OCTET STRING,
|
||||
* registeredID [8] OBJECT IDENTIFIER }
|
||||
*
|
||||
* OtherName ::= SEQUENCE {
|
||||
* type-id OBJECT IDENTIFIER,
|
||||
* value [0] EXPLICIT ANY DEFINED BY type-id }
|
||||
*
|
||||
* EDIPartyName ::= SEQUENCE {
|
||||
* nameAssigner [0] DirectoryString OPTIONAL,
|
||||
* partyName [1] DirectoryString }
|
||||
*
|
||||
* We list all types, but use the following GeneralName types from RFC 5280:
|
||||
* "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
|
||||
* of type "otherName", as defined in RFC 4108.
|
||||
*/
|
||||
int mbedtls_x509_get_subject_alt_name(unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_x509_sequence *subject_alt_name)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t len;
|
||||
|
||||
/* Get main sequence tag */
|
||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
|
||||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||
}
|
||||
|
||||
if (*p + len != end) {
|
||||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
|
||||
}
|
||||
|
||||
return mbedtls_x509_get_subject_alt_name_ext(p, end, subject_alt_name);
|
||||
}
|
||||
|
||||
int mbedtls_x509_get_ns_cert_type(unsigned char **p,
|
||||
const unsigned char *end,
|
||||
unsigned char *ns_cert_type)
|
||||
|
|
|
|||
|
|
@ -591,6 +591,114 @@ static int x509_get_ext_key_usage(unsigned char **p,
|
|||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* SubjectKeyIdentifier ::= KeyIdentifier
|
||||
*
|
||||
* KeyIdentifier ::= OCTET STRING
|
||||
*/
|
||||
static int x509_get_subject_key_id(unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_x509_buf *subject_key_id)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t len = 0u;
|
||||
|
||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||
MBEDTLS_ASN1_OCTET_STRING)) != 0) {
|
||||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||
}
|
||||
|
||||
subject_key_id->len = len;
|
||||
subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING;
|
||||
subject_key_id->p = *p;
|
||||
*p += len;
|
||||
|
||||
if (*p != end) {
|
||||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* AuthorityKeyIdentifier ::= SEQUENCE {
|
||||
* keyIdentifier [0] KeyIdentifier OPTIONAL,
|
||||
* authorityCertIssuer [1] GeneralNames OPTIONAL,
|
||||
* authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
|
||||
*
|
||||
* KeyIdentifier ::= OCTET STRING
|
||||
*/
|
||||
static int x509_get_authority_key_id(unsigned char **p,
|
||||
unsigned char *end,
|
||||
mbedtls_x509_authority *authority_key_id)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t len = 0u;
|
||||
|
||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
|
||||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||
}
|
||||
|
||||
if (*p + len != end) {
|
||||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
|
||||
}
|
||||
|
||||
ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||
MBEDTLS_ASN1_CONTEXT_SPECIFIC);
|
||||
|
||||
/* KeyIdentifier is an OPTIONAL field */
|
||||
if (ret == 0) {
|
||||
authority_key_id->keyIdentifier.len = len;
|
||||
authority_key_id->keyIdentifier.p = *p;
|
||||
/* Setting tag of the keyIdentfier intentionally to 0x04.
|
||||
* Although the .keyIdentfier field is CONTEXT_SPECIFIC ([0] OPTIONAL),
|
||||
* its tag with the content is the payload of on OCTET STRING primitive */
|
||||
authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING;
|
||||
|
||||
*p += len;
|
||||
} else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
|
||||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||
}
|
||||
|
||||
if (*p < end) {
|
||||
/* Getting authorityCertIssuer using the required specific class tag [1] */
|
||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
|
||||
1)) != 0) {
|
||||
/* authorityCertIssuer and authorityCertSerialNumber MUST both
|
||||
be present or both be absent. At this point we expect to have both. */
|
||||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||
}
|
||||
/* "end" also includes the CertSerialNumber field so "len" shall be used */
|
||||
ret = mbedtls_x509_get_subject_alt_name_ext(p,
|
||||
(*p+len),
|
||||
&authority_key_id->authorityCertIssuer);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Getting authorityCertSerialNumber using the required specific class tag [2] */
|
||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||
MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) {
|
||||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||
}
|
||||
authority_key_id->authorityCertSerialNumber.len = len;
|
||||
authority_key_id->authorityCertSerialNumber.p = *p;
|
||||
authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER;
|
||||
*p += len;
|
||||
}
|
||||
|
||||
if (*p != end) {
|
||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
|
||||
*
|
||||
|
|
@ -889,8 +997,25 @@ static int x509_get_crt_ext(unsigned char **p,
|
|||
}
|
||||
break;
|
||||
|
||||
case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER:
|
||||
/* Parse subject key identifier */
|
||||
if ((ret = x509_get_subject_key_id(p, end_ext_data,
|
||||
&crt->subject_key_id)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
break;
|
||||
|
||||
case MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER:
|
||||
/* Parse authority key identifier */
|
||||
if ((ret = x509_get_authority_key_id(p, end_ext_octet,
|
||||
&crt->authority_key_id)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
break;
|
||||
case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
|
||||
/* Parse subject alt name */
|
||||
/* Parse subject alt name
|
||||
* SubjectAltName ::= GeneralNames
|
||||
*/
|
||||
if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_octet,
|
||||
&crt->subject_alt_names)) != 0) {
|
||||
return ret;
|
||||
|
|
@ -1550,6 +1675,27 @@ cleanup:
|
|||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
#if !defined(MBEDTLS_X509_REMOVE_INFO)
|
||||
#define PRINT_ITEM(i) \
|
||||
do { \
|
||||
ret = mbedtls_snprintf(p, n, "%s" i, sep); \
|
||||
MBEDTLS_X509_SAFE_SNPRINTF; \
|
||||
sep = ", "; \
|
||||
} while (0)
|
||||
|
||||
#define CERT_TYPE(type, name) \
|
||||
do { \
|
||||
if (ns_cert_type & (type)) { \
|
||||
PRINT_ITEM(name); \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
#define KEY_USAGE(code, name) \
|
||||
do { \
|
||||
if (key_usage & (code)) { \
|
||||
PRINT_ITEM(name); \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
static int x509_info_ext_key_usage(char **buf, size_t *size,
|
||||
const mbedtls_x509_sequence *extended_key_usage)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ int main(void)
|
|||
|
||||
/* Size of memory to be allocated for the heap, when using the library's memory
|
||||
* management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
|
||||
#define MEMORY_HEAP_SIZE 120000
|
||||
#define MEMORY_HEAP_SIZE 180000
|
||||
|
||||
#define DFL_SERVER_ADDR NULL
|
||||
#define DFL_SERVER_PORT "4433"
|
||||
|
|
|
|||
|
|
@ -3278,3 +3278,39 @@ x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_KEY_USAGE
|
|||
X509 ext types accessor: ext type not present
|
||||
depends_on:MBEDTLS_X509_CRT_PARSE_C
|
||||
x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
|
||||
|
||||
X509 CRT parse Subject Key Id - Correct Subject Key ID
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
|
||||
x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":20:0
|
||||
|
||||
X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
|
||||
x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CRT parse Authority Key Id - Correct Authority Key ID
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
|
||||
x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":20:"NL/PolarSSL/PolarSSL Test CA/":1:0
|
||||
|
||||
X509 CRT parse Authority Key Id - Wrong Length
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
|
||||
x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c30598014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 CRT parse Authority Key Id - Wrong Sequence tag
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
|
||||
x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c005a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CRT parse Authority Key Id - Wrong KeyId Tag
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
|
||||
x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a0014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CRT parse Authority Key Id - Wrong KeyId Tag Length
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
|
||||
x509_crt_parse_authoritykeyid:"3082039F30820287A00302010202142121EA5121F25E38DF2697F6851A9B43490DE495300D06092A864886F70D01010B0500303B310B3009060355040613024E4C3111300F060355040B0C08506F6C617253534C3119301706035504030C10506F6C617253534C2054657374204341301E170D3233303530363138333231315A170D3433303530313138333231315A303B310B3009060355040613024E4C3111300F060355040B0C08506F6C617253534C3119301706035504030C10506F6C617253534C205465737420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100C14DA3DDE7CD1DD104D74972B899AC0E78E43A3C4ACF3A1316D05AE4CDA30088A7EE1E6B96A752B490EF2D727A3E249AFCB634AC24F577E026648C9CB0287DA1DAEA8CE6C91C96BCFEC10452B336D4A3FAE1B176D890C161B4665236A22653AAAB745E077D1982DB2AD81FA0D90D1C2D4966F75B257346E80B8A4F690CB50090E1DA8210667DAE542B8B657991A1E261C3CD404908EE680CF18B86D246BFD0B8AA11031E7F56A81A1E44180F0F858BDA8B445EE218C6622FC7668DFA5DD87DF327892901C5900E3F27F130C84A0EEFD6DEC7C7276BC7053D7AC4023C9A1D3E0FE834985BCB734B5296D811A22C808869395AD30FB0DE592F11C7F7EA120130970203010001A3819A308197301D0603551D0E04160414A505E864B8DCDF600F50124D60A864AF4D8B439330760603551D23046F306D80FFA505E864B8DCDF600F50124D60A864AF4D8B4393A13FA43D303B310B3009060355040613024E4C3111300F060355040B0C08506F6C617253534C3119301706035504030C10506F6C617253534C205465737420434182142121EA5121F25E38DF2697F6851A9B43490DE495300D06092A864886F70D01010B05000382010100409122DCB6D31ABA0B65F2DD7A590F30E43864F9293B889223BF320177D24B50EE202D5A88406BE68D2BD0047B72016376F64D0420BE1D639159E9B54666587434966364EF855B37155D5891C68A02D90E44206F27C7D78DE2E3BF5373521F8BBA8390151814004D099D2B46080A9E0C467B1E0D8B93BAC1E1B3AE4FD20FD83E285BA7168DC81D80B468AEB21D645490F0B87A65DDE17DAD1AF46EDF9126565592291FE159434A9D93DFFFA65F658C6DBCD02D56E591CD4B9390878288B890497E56998C845D3ED4145DAAD6A16556C2FDEAE780BE297531842B2A565824BD85128D4E459B0F370DBEC9E190FABA7D88C1514B3B6935F421B4FBC393D733A785":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_INVALID_LENGTH
|
||||
|
||||
X509 CRT parse Authority Key Id - Wrong Issuer Tag 1
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
|
||||
x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff003fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CRT parse Authority Key Id - Wrong Issuer Tag 2
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
|
||||
x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13f003d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
|
|
|||
|
|
@ -1548,3 +1548,86 @@ exit:
|
|||
USE_PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void x509_crt_parse_subjectkeyid(data_t *buf, int subjectKeyIdLength_arg, int ref_ret)
|
||||
{
|
||||
size_t subjectKeyIdLength = subjectKeyIdLength_arg;
|
||||
mbedtls_x509_crt crt;
|
||||
|
||||
mbedtls_x509_crt_init(&crt);
|
||||
|
||||
TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == ref_ret);
|
||||
|
||||
if (ref_ret == 0) {
|
||||
TEST_ASSERT(crt.subject_key_id.tag == MBEDTLS_ASN1_OCTET_STRING);
|
||||
TEST_ASSERT(crt.subject_key_id.len == subjectKeyIdLength);
|
||||
} else {
|
||||
TEST_ASSERT(crt.subject_key_id.tag == 0);
|
||||
TEST_ASSERT(crt.subject_key_id.len == 0);
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free(&crt);
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void x509_crt_parse_authoritykeyid(data_t *buf,
|
||||
int keyIdLength_arg,
|
||||
char *authorityKeyId_issuer,
|
||||
int serialLength_arg,
|
||||
int ref_ret)
|
||||
{
|
||||
mbedtls_x509_crt crt;
|
||||
int bufferCounter = 0;
|
||||
size_t issuerCounter = 0;
|
||||
size_t keyIdLength = keyIdLength_arg;
|
||||
size_t serialLength = serialLength_arg;
|
||||
unsigned int result = 0;
|
||||
mbedtls_x509_subject_alternative_name san;
|
||||
mbedtls_x509_name *pname = NULL;
|
||||
|
||||
mbedtls_x509_crt_init(&crt);
|
||||
|
||||
TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == ref_ret);
|
||||
|
||||
if (ref_ret == 0) {
|
||||
/* KeyId test */
|
||||
TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == MBEDTLS_ASN1_OCTET_STRING);
|
||||
TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == keyIdLength);
|
||||
|
||||
/* Issuer test */
|
||||
mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer;
|
||||
|
||||
TEST_ASSERT(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san) == 0);
|
||||
|
||||
pname = &san.san.directory_name;
|
||||
|
||||
while (pname != NULL) {
|
||||
for (issuerCounter = 0; issuerCounter < pname->val.len; issuerCounter++) {
|
||||
result |=
|
||||
(authorityKeyId_issuer[bufferCounter++] != pname->val.p[issuerCounter]);
|
||||
}
|
||||
bufferCounter++; /* Skipping the slash */
|
||||
pname = pname->next;
|
||||
}
|
||||
mbedtls_x509_free_subject_alt_name(&san);
|
||||
TEST_ASSERT(result == 0);
|
||||
|
||||
/* Serial test */
|
||||
TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag ==
|
||||
MBEDTLS_ASN1_INTEGER);
|
||||
TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == serialLength);
|
||||
} else {
|
||||
TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == 0);
|
||||
TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == 0);
|
||||
|
||||
TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag == 0);
|
||||
TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == 0);
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free(&crt);
|
||||
}
|
||||
/* END_CASE */
|
||||
|
|
|
|||
Loading…
Reference in a new issue