/* BEGIN_HEADER */ #include "mbedtls/bignum.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" #include "mbedtls/pem.h" #include "mbedtls/oid.h" #include "mbedtls/rsa.h" #include "hash_info.h" #include "mbedtls/legacy_or_psa.h" #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ) { return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, olen, input, output, output_max_len ) ); } int mbedtls_rsa_sign_func( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) { return( ((const mbedtls_rsa_context *) ctx)->len ); } #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) static int x509_crt_verifycsr( const unsigned char *buf, size_t buflen ) { unsigned char hash[PSA_HASH_MAX_SIZE]; mbedtls_x509_csr csr; int ret = 0; mbedtls_x509_csr_init( &csr ); if( mbedtls_x509_csr_parse( &csr, buf, buflen ) != 0 ) { ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; goto cleanup; } psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md( csr.sig_md ); size_t hash_size = 0; psa_status_t status = psa_hash_compute( psa_alg, csr.cri.p, csr.cri.len, hash, PSA_HASH_MAX_SIZE, &hash_size ); if( status != PSA_SUCCESS ) { /* Note: this can't happen except after an internal error */ ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; goto cleanup; } if( mbedtls_pk_verify_ext( csr.sig_pk, csr.sig_opts, &csr.pk, csr.sig_md, hash, mbedtls_hash_info_get_size( csr.sig_md ), csr.sig.p, csr.sig.len ) != 0 ) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; goto cleanup; } cleanup: mbedtls_x509_csr_free( &csr ); return( ret ); } #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */ /* END_HEADER */ /* BEGIN_DEPENDENCIES * depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C * END_DEPENDENCIES */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, int key_usage, int set_key_usage, int cert_type, int set_cert_type ) { mbedtls_pk_context key; mbedtls_x509write_csr req; unsigned char buf[4096]; int ret; #if !defined(MBEDTLS_USE_PSA_CRYPTO) unsigned char check_buf[4000]; FILE *f; size_t olen = 0; #endif /* !MBEDTLS_USE_PSA_CRYPTO */ size_t pem_len = 0, buf_index; int der_len = -1; const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; mbedtls_test_rnd_pseudo_info rnd_info; memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_x509write_csr_init( &req ); USE_PSA_INIT( ); mbedtls_pk_init( &key ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL, mbedtls_test_rnd_std_rand, NULL ) == 0 ); mbedtls_x509write_csr_set_md_alg( &req, md_type ); mbedtls_x509write_csr_set_key( &req, &key ); TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 ); if( set_key_usage != 0 ) TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 ); if( set_cert_type != 0 ) TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ), mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); for( buf_index = pem_len; buf_index < sizeof( buf ); ++buf_index ) { TEST_ASSERT( buf[buf_index] == 0 ); } #if defined(MBEDTLS_USE_PSA_CRYPTO) // When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used (void)cert_req_check_file; buf[pem_len] = '\0'; TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 ); #else f = fopen( cert_req_check_file, "r" ); TEST_ASSERT( f != NULL ); olen = fread( check_buf, 1, sizeof( check_buf ), f ); fclose( f ); TEST_ASSERT( olen >= pem_len - 1 ); TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ), mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( der_len >= 0 ); if( der_len == 0 ) goto exit; #if defined(MBEDTLS_USE_PSA_CRYPTO) // When using PSA crypto, RNG isn't controllable, result length isn't // deterministic over multiple runs, removing a single byte isn't enough to // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case der_len /= 2; #else der_len -= 1; #endif ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len ), mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); exit: mbedtls_x509write_csr_free( &req ); mbedtls_pk_free( &key ); USE_PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, int cert_type ) { mbedtls_pk_context key; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t md_alg_psa, alg_psa; mbedtls_x509write_csr req; unsigned char buf[4096]; int ret; size_t pem_len = 0; const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; mbedtls_test_rnd_pseudo_info rnd_info; memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_x509write_csr_init( &req ); USE_PSA_INIT( ); md_alg_psa = mbedtls_hash_info_psa_from_md( (mbedtls_md_type_t) md_type ); TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE ); mbedtls_pk_init( &key ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL, mbedtls_test_rnd_std_rand, NULL ) == 0 ); if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY ) alg_psa = PSA_ALG_ECDSA( md_alg_psa ); else if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA ) alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN( md_alg_psa ); else TEST_ASSUME( ! "PK key type not supported in this configuration" ); TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, alg_psa, PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_NONE ) == 0 ); mbedtls_x509write_csr_set_md_alg( &req, md_type ); mbedtls_x509write_csr_set_key( &req, &key ); TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 ); if( key_usage != 0 ) TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 ); if( cert_type != 0 ) TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ) - 1, mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); buf[pem_len] = '\0'; TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 ); exit: mbedtls_x509write_csr_free( &req ); mbedtls_pk_free( &key ); psa_destroy_key( key_id ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ void x509_crt_check( char *subject_key_file, char *subject_pwd, char *subject_name, char *issuer_key_file, char *issuer_pwd, char *issuer_name, char *serial_str, char *not_before, char *not_after, int md_type, int key_usage, int set_key_usage, int cert_type, int set_cert_type, int auth_ident, int ver, char *cert_check_file, int pk_wrap, int is_ca, char *cert_verify_file ) { mbedtls_pk_context subject_key, issuer_key, issuer_key_alt; mbedtls_pk_context *key = &issuer_key; mbedtls_x509write_cert crt; unsigned char buf[4096]; unsigned char check_buf[5000]; unsigned char *p, *end; unsigned char tag, sz; mbedtls_mpi serial; int ret, before_tag, after_tag; size_t olen = 0, pem_len = 0, buf_index = 0; int der_len = -1; FILE *f; mbedtls_test_rnd_pseudo_info rnd_info; #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; #endif mbedtls_pk_type_t issuer_key_type; memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_mpi_init( &serial ); USE_PSA_INIT( ); mbedtls_pk_init( &subject_key ); mbedtls_pk_init( &issuer_key ); mbedtls_pk_init( &issuer_key_alt ); mbedtls_x509write_crt_init( &crt ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file, subject_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file, issuer_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 ); issuer_key_type = mbedtls_pk_get_type( &issuer_key ); #if defined(MBEDTLS_RSA_C) /* For RSA PK contexts, create a copy as an alternative RSA context. */ if( pk_wrap == 1 && issuer_key_type == MBEDTLS_PK_RSA ) { TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt, mbedtls_pk_rsa( issuer_key ), mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 ); key = &issuer_key_alt; } #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) /* For Opaque PK contexts, wrap key as an Opaque RSA context. */ if( pk_wrap == 2 ) { psa_algorithm_t alg_psa, md_alg_psa; md_alg_psa = mbedtls_hash_info_psa_from_md( (mbedtls_md_type_t) md_type ); TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE ); if( mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_ECKEY ) alg_psa = PSA_ALG_ECDSA( md_alg_psa ); else if( mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA ) alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN( md_alg_psa ); else TEST_ASSUME( ! "PK key type not supported in this configuration" ); TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &issuer_key, &key_id, alg_psa, PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_NONE ) == 0 ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ if( pk_wrap == 2 ) TEST_ASSERT( mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_OPAQUE ); TEST_ASSERT( mbedtls_test_read_mpi( &serial, serial_str ) == 0 ); if( ver != -1 ) mbedtls_x509write_crt_set_version( &crt, ver ); TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before, not_after ) == 0 ); mbedtls_x509write_crt_set_md_alg( &crt, md_type ); TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 ); mbedtls_x509write_crt_set_subject_key( &crt, &subject_key ); mbedtls_x509write_crt_set_issuer_key( &crt, key ); if( crt.version >= MBEDTLS_X509_CRT_VERSION_3 ) { /* For the CA case, a path length of -1 means unlimited. */ TEST_ASSERT( mbedtls_x509write_crt_set_basic_constraints( &crt, is_ca, (is_ca ? -1 : 0) ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 ); if( auth_ident ) TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 ); if( set_key_usage != 0 ) TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 ); if( set_cert_type != 0 ) TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 ); } ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ), mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); // check that the rest of the buffer remains clear for( buf_index = pem_len; buf_index < sizeof( buf ); ++buf_index ) { TEST_ASSERT( buf[buf_index] == 0 ); } if( issuer_key_type != MBEDTLS_PK_RSA ) { mbedtls_x509_crt crt_parse, trusted; uint32_t flags; mbedtls_x509_crt_init( &crt_parse ); mbedtls_x509_crt_init( &trusted ); TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, cert_verify_file ) == 0 ); TEST_ASSERT( mbedtls_x509_crt_parse( &crt_parse, buf, sizeof( buf ) ) == 0 ); ret = mbedtls_x509_crt_verify( &crt_parse, &trusted, NULL, NULL, &flags, NULL, NULL ); mbedtls_x509_crt_free( &crt_parse ); mbedtls_x509_crt_free( &trusted ); TEST_EQUAL( flags, 0 ); TEST_EQUAL( ret, 0 ); } else if( *cert_check_file != '\0' ) { f = fopen( cert_check_file, "r" ); TEST_ASSERT( f != NULL ); olen = fread( check_buf, 1, sizeof( check_buf ), f ); fclose( f ); TEST_ASSERT( olen < sizeof( check_buf ) ); TEST_EQUAL( olen, pem_len ); TEST_ASSERT( olen >= pem_len - 1 ); TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); } der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ), mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( der_len >= 0 ); if( der_len == 0 ) goto exit; // Not testing against file, check date format if( *cert_check_file == '\0' ) { // UTC tag if before 2050, 2 digits less for year if( not_before[0] == '2' && ( not_before[1] > '0' || not_before[2] > '4' ) ) { before_tag = MBEDTLS_ASN1_GENERALIZED_TIME; } else { before_tag = MBEDTLS_ASN1_UTC_TIME; not_before += 2; } if( not_after[0] == '2' && ( not_after[1] > '0' || not_after[2] > '4' ) ) { after_tag = MBEDTLS_ASN1_GENERALIZED_TIME; } else { after_tag = MBEDTLS_ASN1_UTC_TIME; not_after += 2; } end = buf + sizeof( buf ); for( p = end - der_len ; p < end ; ) { tag = *p++; sz = *p++; if( tag == MBEDTLS_ASN1_UTC_TIME || tag == MBEDTLS_ASN1_GENERALIZED_TIME ) { // Check correct tag and time written TEST_ASSERT( before_tag == tag ); TEST_ASSERT( memcmp( p, not_before, sz - 1 ) == 0 ); p += sz; tag = *p++; sz = *p++; TEST_ASSERT( after_tag == tag ); TEST_ASSERT( memcmp( p, not_after, sz - 1 ) == 0 ); break; } // Increment if long form ASN1 length if( sz & 0x80 ) p += sz & 0x0F; if( tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) p += sz; } TEST_ASSERT( p < end ); } #if defined(MBEDTLS_USE_PSA_CRYPTO) // When using PSA crypto, RNG isn't controllable, result length isn't // deterministic over multiple runs, removing a single byte isn't enough to // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case if( issuer_key_type != MBEDTLS_PK_RSA ) der_len /= 2; else #endif der_len -= 1; ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len ), mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); exit: mbedtls_x509write_crt_free( &crt ); mbedtls_pk_free( &issuer_key_alt ); mbedtls_pk_free( &subject_key ); mbedtls_pk_free( &issuer_key ); mbedtls_mpi_free( &serial ); #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key( key_id ); #endif USE_PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */ void mbedtls_x509_string_to_names( char * name, char * parsed_name, int result ) { int ret; size_t len = 0; mbedtls_asn1_named_data *names = NULL; mbedtls_x509_name parsed, *parsed_cur, *parsed_prv; unsigned char buf[1024], out[1024], *c; memset( &parsed, 0, sizeof( parsed ) ); memset( out, 0, sizeof( out ) ); memset( buf, 0, sizeof( buf ) ); c = buf + sizeof( buf ); ret = mbedtls_x509_string_to_names( &names, name ); TEST_ASSERT( ret == result ); if( ret != 0 ) goto exit; ret = mbedtls_x509_write_names( &c, buf, names ); TEST_ASSERT( ret > 0 ); TEST_ASSERT( mbedtls_asn1_get_tag( &c, buf + sizeof( buf ), &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) == 0 ); TEST_ASSERT( mbedtls_x509_get_name( &c, buf + sizeof( buf ), &parsed ) == 0 ); ret = mbedtls_x509_dn_gets( (char *) out, sizeof( out ), &parsed ); TEST_ASSERT( ret > 0 ); TEST_ASSERT( strcmp( (char *) out, parsed_name ) == 0 ); exit: mbedtls_asn1_free_named_data_list( &names ); parsed_cur = parsed.next; while( parsed_cur != 0 ) { parsed_prv = parsed_cur; parsed_cur = parsed_cur->next; mbedtls_free( parsed_prv ); } } /* END_CASE */