
Alternative CSR checks in x509_csr_check when USE_PSA_CRYPTO

The X509write x509_csr_check reference file depends on
mbedtls_test_rnd_pseudo_rand being used to match the pre-generated data.
This calls x509_crt_verifycsr() like in x509_csr_check_opaque() when
MBEDTLS_USE_PSA_CRYPTO is defined.

Notably using PSA_ALG_DETERMINISTIC_ECDSA() in ecdsa_sign_wrap() makes
this test run without these changes.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Neil Armstrong
2022-02-21 17:22:10 +01:00
parent e960690b89
commit 5b32038ff0


@ -93,6 +93,8 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
USE_PSA_INIT( );
mbedtls_pk_init( &key ); mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL, TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL ) == 0 ); mbedtls_test_rnd_std_rand, NULL ) == 0 );
@ -117,6 +119,15 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
TEST_ASSERT( buf[buf_index] == 0 ); TEST_ASSERT( buf[buf_index] == 0 );
} }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
// When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used
(void)f;
(void)olen;
(void)check_buf;
(void)cert_req_check_file;
buf[pem_len] = '\0';
TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 );
#else
f = fopen( cert_req_check_file, "r" ); f = fopen( cert_req_check_file, "r" );
TEST_ASSERT( f != NULL ); TEST_ASSERT( f != NULL );
olen = fread( check_buf, 1, sizeof( check_buf ), f ); olen = fread( check_buf, 1, sizeof( check_buf ), f );
@ -124,6 +135,7 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
TEST_ASSERT( olen >= pem_len - 1 ); TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
#endif
der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ), der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ),
mbedtls_test_rnd_pseudo_rand, mbedtls_test_rnd_pseudo_rand,
@ -133,13 +145,22 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
if( der_len == 0 ) if( der_len == 0 )
goto exit; goto exit;
ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ), #if defined(MBEDTLS_USE_PSA_CRYPTO)
// When using PSA crypto, RNG isn't controllable, result length isn't
// deterministic over multiple runs, removing a single byte isn't enough to
// go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
der_len /= 2;
#else
der_len -= 1;
#endif
ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len ),
mbedtls_test_rnd_pseudo_rand, &rnd_info ); mbedtls_test_rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
exit: exit:
mbedtls_x509write_csr_free( &req ); mbedtls_x509write_csr_free( &req );
mbedtls_pk_free( &key ); mbedtls_pk_free( &key );
USE_PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
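Review bot: The `MBEDTLS_USE_PSA_CRYPTO` branch drops every comparison of the generated CSR against `cert_req_check_file` and keeps only `TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 )`. Judging by its name and its use here, that helper presumably only confirms the request verifies, which would still pass if the subject, key usage or cert-type fields were encoded wrongly. Since the commit message notes that `PSA_ALG_DETERMINISTIC_ECDSA()` would let the reference comparison run unchanged, either record the trade-off next to the branch, e.g. `/* PSA build: only the CSR signature is verified; request contents are not compared with the reference file */`, or also compare the parsed request fields with the expected values. The later `der_len /= 2;` has the same effect on the `MBEDTLS_ERR_ASN1_BUF_TOO_SMALL` check, which no longer exercises the one-byte-short boundary in this configuration. x509_csr_check begins before the first hunk, so how `pem_len` is derived, and whether `buf[pem_len] = '\0'` always stays inside `buf`, cannot be confirmed from these lines.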