lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Merge remote-tracking branch 'origin/development' into update-restricted-2023-08-30

Browse Source
This commit is contained in:
Dave Rodgman
2023-08-30 11:22:00 +01:00
parent 115784bd3f f3a41685e7
commit 730bbee226
315 changed files with 16246 additions and 9989 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
tests/.gitignore vendored
View File

@ -1,11 +1,6 @@
*.sln
*.vcxproj
# Generated source files
/suites/*.generated.data
/suites/test_suite_psa_crypto_storage_format.v[0-9]*.data
/suites/test_suite_psa_crypto_storage_format.current.data
*.log
/test_suite*
data_files/mpi_write
@ -20,3 +15,10 @@ include/test/instrument_record_status.h
src/libmbed*
libtestdriver1/*
###START_GENERATED_FILES###
# Generated source files
/suites/*.generated.data
/suites/test_suite_psa_crypto_storage_format.v[0-9]*.data
/suites/test_suite_psa_crypto_storage_format.current.data
###END_GENERATED_FILES###

2
tests/CMakeLists.txt
View File

@ -118,8 +118,10 @@ if(GEN_FILES)
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/crypto_data_tests.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/crypto_knowledge.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/macro_collector.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/psa_information.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/psa_storage.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_data_generation.py

2
tests/Makefile
View File

@ -121,8 +121,10 @@ generated_ecp_test_data:
$(GENERATED_PSA_DATA_FILES): generated_psa_test_data
generated_psa_test_data: scripts/generate_psa_tests.py
generated_psa_test_data: ../scripts/mbedtls_dev/crypto_data_tests.py
generated_psa_test_data: ../scripts/mbedtls_dev/crypto_knowledge.py
generated_psa_test_data: ../scripts/mbedtls_dev/macro_collector.py
generated_psa_test_data: ../scripts/mbedtls_dev/psa_information.py
generated_psa_test_data: ../scripts/mbedtls_dev/psa_storage.py
generated_psa_test_data: ../scripts/mbedtls_dev/test_case.py
generated_psa_test_data: ../scripts/mbedtls_dev/test_data_generation.py

20
tests/configs/user-config-for-test.h
View File

@ -55,3 +55,23 @@
#define MBEDTLS_PSA_ACCEL_ALG_HMAC
#endif /* PSA_CRYPTO_DRIVER_TEST_ALL */
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
* functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
* and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions
* is to read and write from the entropy seed file, which is located
* in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID.
* (These could have been provided as library functions, but for historical
* reasons, they weren't, and so each integrator has to provide a copy
* of these functions.)
*
* Provide implementations of these functions for testing. */
#include <stddef.h>
int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_test_inject_entropy_seed_read
#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_test_inject_entropy_seed_write
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */

232
tests/data_files/Makefile
View File

@ -60,6 +60,14 @@ test-ca.key.der: $(test_ca_key_file_rsa)
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)"
all_final += test-ca.key.der
# This is only used for generating cert_example_multi_nocn.crt
test-ca_nocn.crt: $(test_ca_key_file_rsa)
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 selfsign=1 \
subject_key=$(test_ca_key_file_rsa) subject_pwd=$(test_ca_pwd_rsa) subject_name="C=NL" \
issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) issuer_name="C=NL" \
not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
all_intermediate += test-ca_nocn.crt
test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
all_final += test-ca-sha1.crt
@ -99,6 +107,16 @@ parse_input/cert_example_multi.crt cert_example_multi.crt: cert_example_multi.cs
-passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 \
-in $< > $@
cert_example_multi_nocn.csr: rsa_pkcs1_1024_clear.pem
$(MBEDTLS_CERT_REQ) filename=$< output_file=$@ subject_name='C=NL'
all_intermediate += cert_example_multi_nocn.csr
parse_input/cert_example_multi_nocn.crt cert_example_multi_nocn.crt: cert_example_multi_nocn.csr test-ca_nocn.crt
$(OPENSSL) x509 -req -CA test-ca_nocn.crt -CAkey $(test_ca_key_file_rsa) \
-extfile $(test_ca_config_file) -extensions ext_multi_nocn -passin "pass:$(test_ca_pwd_rsa)" \
-set_serial 0xf7c67ff8e9a963f9 -days 3653 -sha1 -in $< > $@
all_final += cert_example_multi_nocn.crt
parse_input/test_csr_v3_keyUsage.csr.der: rsa_pkcs1_1024_clear.pem
$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_keyUsage
parse_input/test_csr_v3_subjectAltName.csr.der: rsa_pkcs1_1024_clear.pem
@ -168,13 +186,28 @@ test_ca_crt_file_ec = test-ca2.crt
test_ca_key_file_ec = test-ca2.key
test-ca2.req.sha256: $(test_ca_key_file_ec)
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) \
subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256
all_intermediate += test-ca2.req.sha256
test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 selfsign=1 \
request_file=test-ca2.req.sha256 \
issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" \
issuer_key=$(test_ca_key_file_ec) \
not_before=20190210144400 not_after=20290210144400 \
md=SHA256 version=3 output_file=$@
all_final += test-ca2.crt
test-ca2.ku-%.crt: test-ca2.ku-%.crt.openssl.v3_ext $(test_ca_key_file_ec) test-ca2.req.sha256
$(OPENSSL) x509 -req -in test-ca2.req.sha256 -extfile $< \
-signkey $(test_ca_key_file_ec) -days 3653 -out $@
all_final += test-ca2.ku-crl.crt \
test-ca2.ku-crt.crt \
test-ca2.ku-crt_crl.crt \
test-ca2.ku-ds.crt
test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \
issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) \
@ -199,10 +232,14 @@ $(test_ca_ec_cat):
all_final += $(test_ca_ec_cat)
parse_input/test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca \
-key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" \
-set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
parse_input/test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca \
-key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 \
-in test-ca.req_ec.sha256 -out $@
parse_input/test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
@ -414,9 +451,23 @@ all_final += server5-ss-expired.crt
# try to forge a copy of test-int-ca3 with different key
server5-ss-forgeca.crt: server5.key
$(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
$(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" \
-set_serial 77 -config $(test_ca_config_file) -extensions noext_ca \
-days 3650 -sha256 -key $< -out $@
all_final += server5-ss-forgeca.crt
server5-selfsigned.crt: server5.key
openssl req -x509 -key server5.key \
-sha256 -days 3650 -nodes \
-addext basicConstraints=critical,CA:FALSE \
-addext keyUsage=critical,digitalSignature \
-addext subjectKeyIdentifier=hash \
-addext authorityKeyIdentifier=none \
-set_serial 0x53a2cb4b124ead837da894b2 \
-subj "/CN=selfsigned/OU=testing/O=PolarSSL/C=NL" \
-out $@
all_final += server5-selfsigned.crt
parse_input/server5-othername.crt.der: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -outform der -out $@
@ -486,6 +537,59 @@ test-int-ca3-badsign.crt: test-int-ca3.crt
{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += test-int-ca3-badsign.crt
# server9*
server9.csr: server9.key
$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
-key $< -out $@
parse_input/server9.crt server9.crt: server9-sha1.crt
cp $< $@
all_final += server9.crt
all_intermediate += server9.csr server9-sha1.crt
server9-%.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
-passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
-set_serial $(SERVER9_CRT_SERIAL) -days 3653 \
-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
-sigopt rsa_mgf1_md:$(@F:server9-%.crt=%) -$(@F:server9-%.crt=%) \
-in $< -out $@
server9-sha1.crt: SERVER9_CRT_SERIAL=22
parse_input/server9-sha224.crt server9-sha224.crt: SERVER9_CRT_SERIAL=23
parse_input/server9-sha256.crt server9-sha256.crt: SERVER9_CRT_SERIAL=24
parse_input/server9-sha384.crt server9-sha384.crt: SERVER9_CRT_SERIAL=25
parse_input/server9-sha512.crt server9-sha512.crt: SERVER9_CRT_SERIAL=26
all_final += server9-sha224.crt server9-sha256.crt server9-sha384.crt server9-sha512.crt
server9-defaults.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
-passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
-set_serial 72 -days 3653 \
-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max -sha1 \
-in $< -out $@
all_final += server9-defaults.crt
server9-badsign.crt: server9.crt
{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += server9-badsign.crt
server9-with-ca.crt: server9.crt $(test_ca_crt)
cat $^ > $@
all_final += server9-with-ca.crt
# FIXME: This file needs special sequence. It should be update manually
server9-bad-saltlen.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
false
server9-bad-mgfhash.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
-passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
-set_serial 24 -days 3653 \
-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
-sigopt rsa_mgf1_md:sha224 -sha256 \
-in $< -out $@
all_final += server9-bad-mgfhash.crt
# server10*
server10.crt: server10.key test-int-ca3.crt test-int-ca3.key
@ -1304,8 +1408,7 @@ all_final += server1.req.sha256
server1.req.sha256.ext: server1.key
# Generating this with OpenSSL as a comparison point to test we're getting the same result
openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth" -addext "subjectAltName=URI:http://pki.example.com/,IP:127.1.1.0,DNS:example.com"
all_final += server1.req.sha256.ext
openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -config server1.req.sha256.conf
parse_input/server1.req.sha384 server1.req.sha384: server1.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
@ -1385,9 +1488,35 @@ all_final += server5-badsign.crt
# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
server5.req.ku.sha1: server5.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
$(OPENSSL) req -key $< -out $@ -new -nodes -subj "/C=NL/O=PolarSSL/CN=PolarSSL Server 1" -sha1 -addext keyUsage=digitalSignature,nonRepudiation
all_final += server5.req.ku.sha1
server5.ku-ds.crt: SERVER5_CRT_SERIAL=45
server5.ku-ds.crt: SERVER5_KEY_USAGE=digital_signature
server5.ku-ka.crt: SERVER5_CRT_SERIAL=46
server5.ku-ka.crt: SERVER5_KEY_USAGE=key_agreement
server5.ku-ke.crt: SERVER5_CRT_SERIAL=47
server5.ku-ke.crt: SERVER5_KEY_USAGE=key_encipherment
server5.eku-cs.crt: SERVER5_CRT_SERIAL=58
server5.eku-cs.crt: SERVER5_EXT_KEY_USAGE=codeSigning
server5.eku-cs_any.crt: SERVER5_CRT_SERIAL=59
server5.eku-cs_any.crt: SERVER5_EXT_KEY_USAGE=codeSigning,any
server5.eku-cli.crt: SERVER5_CRT_SERIAL=60
server5.eku-cli.crt: SERVER5_EXT_KEY_USAGE=clientAuth
server5.eku-srv_cli.crt: SERVER5_CRT_SERIAL=61
server5.eku-srv_cli.crt: SERVER5_EXT_KEY_USAGE=serverAuth,clientAuth
server5.eku-srv.crt: SERVER5_CRT_SERIAL=62
server5.eku-srv.crt: SERVER5_EXT_KEY_USAGE=serverAuth
server5.ku-%.crt: SERVER5_EXT_OPTS=key_usage=$(SERVER5_KEY_USAGE)
server5.eku-%.crt: SERVER5_EXT_OPTS=ext_key_usage=$(SERVER5_EXT_KEY_USAGE)
server5.%.crt: server5.key
$(MBEDTLS_CERT_WRITE) \
subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=$(SERVER5_CRT_SERIAL) \
issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) $(SERVER5_EXT_OPTS) \
not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += server5.ku-ka.crt server5.ku-ke.crt server5.ku-ds.crt
all_final += server5.eku-cs.crt server5.eku-cs_any.crt server5.eku-cli.crt server5.eku-srv_cli.crt server5.eku-srv.crt
# server6*
server6.csr: server6.key
@ -1399,6 +1528,18 @@ server6.crt: server6.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec)
-extfile server5.crt.openssl.v3_ext -set_serial 10 -days 3650 -sha256 -in $< -out $@
all_final += server6.crt
server6-ss-child.csr : server6.key
$(OPENSSL) req -new -subj "/CN=selfsigned-child/OU=testing/O=PolarSSL/C=NL" \
-key $< -out $@
all_intermediate += server6-ss-child.csr
server6-ss-child.crt: server6-ss-child.csr server5-selfsigned.crt server5.key server6-ss-child.crt.openssl.v3_ext
$(OPENSSL) x509 -req -CA server5-selfsigned.crt -CAkey server5.key \
-extfile server6-ss-child.crt.openssl.v3_ext \
-set_serial 0x53a2cb5822399474a7ec79ec \
-days 3650 -sha256 -in $< -out $@
all_final += server6-ss-child.crt
################################################################
### Generate certificates for CRT write check tests
################################################################
@ -1449,7 +1590,7 @@ server1.der: server1.crt
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
server1.commas.crt: server1.key parse_input/server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
$(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.commas.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
all_final += server1.crt server1.noauthid.crt server1.crt.der server1.commas.crt
all_final += server1.crt server1.noauthid.crt parse_input/server1.crt.der server1.commas.crt
parse_input/server1.key_usage.crt: parse_input/server1.req.sha256
server1.key_usage.crt: server1.req.sha256
@ -1487,6 +1628,16 @@ server1.ca.der: server1.ca.crt
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.ca.crt server1.ca_noauthid.crt server1.ca.der
server1-nospace.crt: server1.key test-ca.crt
$(MBEDTLS_CERT_WRITE) subject_key=$< serial=31\
subject_name="C=NL,O=PolarSSL,CN=polarssl.example" \
issuer_crt=test-ca.crt issuer_key=$(test_ca_key_file_rsa) \
issuer_pwd=$(test_ca_pwd_rsa) \
not_before=20190210144406 not_after=20290210144406 \
md=SHA256 version=3 authority_identifier=1 \
output_file=$@
all_final += server1-nospace.crt
server1_ca.crt: server1.crt $(test_ca_crt)
cat server1.crt $(test_ca_crt) > $@
all_final += server1_ca.crt
@ -1545,8 +1696,13 @@ server1.v1.der.openssl: server1.v1.crt.openssl
crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@
crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf
$(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@
crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) \
$(test_ca_config_file) \
test-ca.server1.future-crl.db \
test-ca.server1.future-crl.opensslconf
$(FAKETIME) -f '+10y' $(OPENSSL) ca -gencrl \
-config test-ca.server1.future-crl.opensslconf -crldays 365 \
-passin "pass:$(test_ca_pwd_rsa)" -out $@
server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
@ -1564,6 +1720,25 @@ server2-sha256.crt: server2.req.sha256
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += server2-sha256.crt
server2.ku-ka.crt: SERVER2_CRT_SERIAL=42
server2.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement
server2.ku-ke.crt: SERVER2_CRT_SERIAL=43
server2.ku-ke.crt: SERVER2_KEY_USAGE=key_encipherment
server2.ku-ds.crt: SERVER2_CRT_SERIAL=44
server2.ku-ds.crt: SERVER2_KEY_USAGE=digital_signature
server2.ku-ds_ke.crt: SERVER2_CRT_SERIAL=48
server2.ku-ds_ke.crt: SERVER2_KEY_USAGE=digital_signature,key_encipherment
server2.ku-%.crt: server2.req.sha256
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=$(SERVER2_CRT_SERIAL) \
issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
key_usage="$(SERVER2_KEY_USAGE)" \
not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
all_final += server2.ku-ka.crt server2.ku-ke.crt server2.ku-ds.crt server2.ku-ds_ke.crt
server2-badsign.crt: server2.crt
{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += server2-badsign.crt
# server3*
parse_input/server3.crt server3.crt: server3.key
@ -1820,6 +1995,41 @@ pkcs7_data_cert_signeddata_sha256.der: pkcs7_data_cert_signed_sha256.der
dd if=pkcs7_data_cert_signed_sha256.der of=$@ skip=19 bs=1
all_final += pkcs7_data_cert_signeddata_sha256.der
# - test-ca-v1.crt: v1 "CA", signs
# server1-v1.crt: v1 "intermediate CA", signs
# server2-v1*.crt: EE cert (without of with chain in same file)
test-ca-v1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
$(MBEDTLS_CERT_WRITE) is_ca=1 serial_hex=53a2b68e05400e555c9395e5 \
request_file=test-ca.req.sha256 \
selfsign=1 issuer_name="CN=PolarSSL Test CA v1,OU=testing,O=PolarSSL,C=NL" \
issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
not_before=20190210144400 not_after=20290210144400 md=SHA256 version=1 \
output_file=$@
all_final += test-ca-v1.crt
server1-v1.crt: server1.key test-ca-v1.crt
$(MBEDTLS_CERT_WRITE) subject_key=$< serial_hex=53a2b6c704cd4d8ebc800bc1\
subject_name="CN=server1/int-ca-v1,OU=testing,O=PolarSSL,C=NL" \
issuer_crt=test-ca-v1.crt issuer_key=$(test_ca_key_file_rsa) \
issuer_pwd=$(test_ca_pwd_rsa) \
not_before=20190210144406 not_after=20290210144406 \
md=SHA256 version=1 \
output_file=$@
all_final += server1-v1.crt
server2-v1.crt: server2.key server1-v1.crt
$(MBEDTLS_CERT_WRITE) subject_key=$< serial_hex=53a2b6d9235dbc4573f9b76c\
subject_name="CN=server2,OU=testing,O=PolarSSL,C=NL" \
issuer_crt=server1-v1.crt issuer_key=server1.key \
not_before=20190210144406 not_after=20290210144406 \
md=SHA256 version=1 \
output_file=$@
all_final += server2-v1.crt
server2-v1-chain.crt: server2-v1.crt server1-v1.crt
cat $^ > $@
################################################################
#### Generate C format test certs header
################################################################

4
tests/data_files/Readme-x509.txt
View File

@ -76,6 +76,10 @@ List of certificates:
-badsign.crt: S5 with corrupted signature
-expired.crt: S5 with "not after" date in the past
-future.crt: S5 with "not before" date in the future
-non-compliant.crt: S5, RFC non-compliant
(with forbidden EC algorithm identifier NULL parameter)
generated by (before fix):
cert_write subject_key=server5.key subject_name="CN=Test EC RFC non-compliant" issuer_crt=test-ca2.crt issuer_key=test-ca2.key
-selfsigned.crt: Self-signed cert with S5 key
-ss-expired.crt: Self-signed cert with S5 key, expired
-ss-forgeca.crt: Copy of test-int-ca3 self-signed with S5 key

23
tests/data_files/cert_example_multi_nocn.crt
View File

@ -1,13 +1,16 @@
-----BEGIN CERTIFICATE-----
MIIB/TCCAWagAwIBAgIJAPfGf/jpqWP5MA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV
BAYTAk5MMB4XDTE0MDEyMjEwMDQzM1oXDTI0MDEyMjEwMDQzM1owDTELMAkGA1UE
BhMCTkwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2pt
WZftTslU5A3uzqB9oB6q6A7CuxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNz
UnlGGrqgVyt2FjGzqK/nOJsIi2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ
81kybdHg6G3eUu1mtKkL2kCVAgMBAAGjZTBjMAkGA1UdEwQCMAAwCwYDVR0PBAQD
MIICfjCCAWagAwIBAgIJAPfGf/jpqWP5MA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV
BAYTAk5MMB4XDTIzMDUxODAyMDUwMVoXDTMzMDUxODAyMDUwMVowDTELMAkGA1UE
BhMCTkwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMc4ksXD9HAQCGv4EzXs
8wEciiUPlYI2HqoelhJVGqz4e3UzC3BXM5zZlfFNTEQ3yL7EoD/kZDzT88kCQz3D
fFuOeaoJhK6CEzcKv4VpvSo1Ymyx/uSs4EKyQXx75J0nFJssB2uOQz0/bHY6Rpoc
cA0lnbwIx0D82AI3Yv996/wtAgMBAAGjZTBjMAkGA1UdEwQCMAAwCwYDVR0PBAQD
AgXgMEkGA1UdEQRCMECCHHd3dy5zaG90b2thbi1icmF1bnNjaHdlaWcuZGWCFHd3
dy5tYXNzaW1vLWFiYXRlLmV1hwTAqAEBhwTAqEWQMA0GCSqGSIb3DQEBBQUAA4GB
ABjx1ytrqCyFC5/0cjWnbLK9vsvLny2ZikDewfRxqJ5zAxGWLqHOr1SmUmu2DrvB
bkT9g5z19+iMhPnzJz1x7Q2m7WTIJTuUPK+hKZJATDLNhZ86h5Nkw8k9YzKcOrPm
EIqsy55CSgLU0ntljqSBvSb4ifrF1NnIWej2lSfN6r+3
dy5tYXNzaW1vLWFiYXRlLmV1hwTAqAEBhwTAqEWQMA0GCSqGSIb3DQEBBQUAA4IB
AQAuomKlMLwSkP3zvGuA9awDdITM/uCzfd77yi60zMNtFHDMu2YZ2npQSl0czab6
/8fX9goaU8V3cx4KXSLMx7i9AsP1r559Uo3c/4oTZd3xBsElMAn/TXiuujZ2RwdL
RcMOJerlThOE0dtNdniJj7lPaan70CELP/CUn8KgeWgztQJj4ghfUwnLn6RnpLfl
YyM/Xq2YbwnQWHXSe3CPTy5RCWalt3SgZf6IDcD6CNq1Q2l14iR78OWnlxGTFmjP
ez3OzxNT2BZz0AiP0WvTbUtvfuxw9G3fHHe5ClsAopIA3tD246jHOAlqAnOEBC/x
IABbWjY/briP9U4R6x+mg2ck
-----END CERTIFICATE-----

22
tests/data_files/crl-rsa-pss-sha1-badsign.pem
View File

@ -1,14 +1,14 @@
-----BEGIN X509 CRL-----
MIICJDCCAQYCAQEwEwYJKoZIhvcNAQEKMAaiBAICAOowOzELMAkGA1UEBhMCTkwx
ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBFw0x
NDAxMjAxMzQ2MzVaFw0yNDAxMTgxMzQ2MzVaMCgwEgIBChcNMTMwOTI0MTYyODM4
WjASAgEWFw0xNDAxMjAxMzQzMDVaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM
MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQC
AgDqA4IBAQB8ZBX0BEgRcx0lfk1ctELRu1AYoJ5BnsmQpq23Ca4YIP2yb2kTN1ZS
4fR4SgYcNctgo2JJiNiUkCu1ZnRUOJUy8UlEio0+aeumTNz6CbeJEDhr5NC3oiV0
MzvLn9rJVLPetOT9UrvvIy8iz5Pn1d8mu5rkt9BKQRq9NQx8riKnSIoTc91NLCMo
mkCCB55DVbazODSWK19e6yQ0JS454RglOsqRtLJ/EDbi6lCsLXotFt3GEGMrob1O
7Qck1Z59boaHxGYFEVnx90+4M3/qikVtwZdcBjLEmfuwYvszFw8J2y6Xwmg/HtUa
y6li0JzWNHtkKUlCv2+SESZbD3NU8GQY
ETAPBgNVBAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBFw0y
MzA1MTcwODA3NDlaFw0zMzA1MTcwODA3NDlaMCgwEgIBChcNMjMwNTE3MDgwNzQ5
WjASAgEWFw0yMzA1MTcwODA3NDlaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NM
MRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMBMGCSqGSIb3DQEBCjAGogQC
AgDqA4IBAQCMUepEfAXs1G3hDE7rcIPT/AFv/oLQSVwRE8O2G5r4j0CgzN6CSGNi
8qfFVX6f7ds+QM4pxAXk5FH4QJJkev0ZBQxmA/ZDLEFmmCEfPMsA69nG//Xeq+Xz
ZOqJpAewmXoP2UUxV5rRpAIr9g9NvDkTT012eQEpoGkJlpxOln1VW+Dk24PCZFWf
Nf8GMUzUsXfXm7ZdCeuc8ZDYNma0nWAMR9Jw6qaEhyH4Fd/scFvXiF/i4cpVp8Rk
M71wSrCC0pkFzw4/bYMnf0aHle/lNg5e78SAT+/6PA8pXL7Urc0IufOfxCGwqY27
IXSTrZJj4WeQMk289pIccMHj5DUSo4u0
-----END X509 CRL-----

22
tests/data_files/crl-rsa-pss-sha1.pem
View File

@ -1,14 +1,14 @@
-----BEGIN X509 CRL-----
MIICJDCCAQYCAQEwEwYJKoZIhvcNAQEKMAaiBAICAOowOzELMAkGA1UEBhMCTkwx
ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBFw0x
NDAxMjAxMzQ2MzVaFw0yNDAxMTgxMzQ2MzVaMCgwEgIBChcNMTMwOTI0MTYyODM4
WjASAgEWFw0xNDAxMjAxMzQzMDVaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM
MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQC
AgDqA4IBAQB8ZBX0BEgRcx0lfk1ctELRu1AYoJ5BnsmQpq23Ca4YIP2yb2kTN1ZS
4fR4SgYcNctgo2JJiNiUkCu1ZnRUOJUy8UlEio0+aeumTNz6CbeJEDhr5NC3oiV0
MzvLn9rJVLPetOT9UrvvIy8iz5Pn1d8mu5rkt9BKQRq9NQx8riKnSIoTc91NLCMo
mkCCB55DVbazODSWK19e6yQ0JS454RglOsqRtLJ/EDbi6lCsLXotFt3GEGMrob1O
7Qck1Z59boaHxGYFEVnx90+4M3/qikVtwZdcBjLEmfuwYvszFw8J2y6Xwmg/HtUa
y6li0JzWNHtkKUlCv2+SESZbD3NU8GQZ
ETAPBgNVBAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBFw0y
MzA1MTcwODA3NDlaFw0zMzA1MTcwODA3NDlaMCgwEgIBChcNMjMwNTE3MDgwNzQ5
WjASAgEWFw0yMzA1MTcwODA3NDlaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NM
MRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMBMGCSqGSIb3DQEBCjAGogQC
AgDqA4IBAQCMUepEfAXs1G3hDE7rcIPT/AFv/oLQSVwRE8O2G5r4j0CgzN6CSGNi
8qfFVX6f7ds+QM4pxAXk5FH4QJJkev0ZBQxmA/ZDLEFmmCEfPMsA69nG//Xeq+Xz
ZOqJpAewmXoP2UUxV5rRpAIr9g9NvDkTT012eQEpoGkJlpxOln1VW+Dk24PCZFWf
Nf8GMUzUsXfXm7ZdCeuc8ZDYNma0nWAMR9Jw6qaEhyH4Fd/scFvXiF/i4cpVp8Rk
M71wSrCC0pkFzw4/bYMnf0aHle/lNg5e78SAT+/6PA8pXL7Urc0IufOfxCGwqY27
IXSTrZJj4WeQMk289pIccMHj5DUSo4uO
-----END X509 CRL-----

28
tests/data_files/crl-rsa-pss-sha224.pem
View File

@ -1,16 +1,16 @@
-----BEGIN X509 CRL-----
MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgShGjAYBgkq
hkiG9w0BAQgwCwYJYIZIAWUDBAIEogQCAgDiMDsxCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
MTM1NjA2WhcNMjQwMTE4MTM1NjA2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
SAFlAwQCBKEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIDggEBAEJI
i9sQOzMvvOTksN48+X+kk/wkLMKRGI222lqU6y6tP1LX3OE/+KN8gPXR+lCC+e0v
TsRTJkpKEcmHZoP/8kOtZnLb9PdITKGMQnZ+dmn5MFEzZI/zyrYWuJTuK1Q83w0e
Mc88cAhu8i4PTk/WnsWDphK1Q2YRupmmwWSUpp1Z2rpR+YSCedC01TVrtSUJUBw9
NSqKDhyWYJIbS6/bFaERswC8xlMRhyLHUvikjmAK36TbIdhTnEffHOPW75sEOEEB
f0A3VtlZ7y5yt2/a6vOauJCivxKt/PutdHfBqH43QQmoVLWC2FmT9ADTJwcsZB3D
a6JSqCIMRCQY2JOUn0A=
MIICgjCCATUCAQEwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgQFAKEcMBoG
CSqGSIb3DQEBCDANBglghkgBZQMEAgQFAKIEAgIA4jA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIz
MDUxNzA4MDc0OVoXDTMzMDUxNzA4MDc0OVowKDASAgEKFw0yMzA1MTcwODA3NDla
MBICARYXDTIzMDUxNzA4MDc0OVqgZzBlMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnV
ppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wx
GTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzAN
BglghkgBZQMEAgQFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgQFAKIEAgIA
4gOCAQEANsElK5qMavcgBXsqgysCIIwEPj+dXdBOwXW17HWh2jcSwAssFNRxhiIc
PoUjj2fNlbOWXLPoxXBitgkJ31UAYCteGSv3j5P3WEuriVwCG889JEoMWn9U4+f9
f5jSVNfynyiAOiwpA0TrOhZOAs9SEj742S1pzhsb9yaOXeQXNnDv8HYe3uX9/D9w
ynot+/EwCYEuvK8XQ6qnV6588NHEAd9x+OcV9pxWrmUE8Muz1KffBwD5+SOW+Taj
4fKQPcKJoRXOKyLXpOz7yMl/6fCf6h3Qj/H4YI/2gsWI0iduKoXDsuQkMEdPTZvk
7P88YK3/4MReaZS3sDyhhUrojELPXw==
-----END X509 CRL-----

28
tests/data_files/crl-rsa-pss-sha256.pem
View File

@ -1,16 +1,16 @@
-----BEGIN X509 CRL-----
MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgGhGjAYBgkq
hkiG9w0BAQgwCwYJYIZIAWUDBAIBogQCAgDeMDsxCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
MTM1NjE2WhcNMjQwMTE4MTM1NjE2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
SAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAEZ4
oqp9i5eXrN6aCSTaU1j07MVTFW/U1jQAq6GseB6bEvoEXFMUHJsgAObqCK9flfEC
FEqXqWSo33hhPU7AKKttbDLjUYRNnQAPRUnRIl1/a1+UjqgKchWWD9ityeW8ICxo
IdATX9reYmPDLIMqTC7zuflYkvrvdEOuBORQP5mn4j8t84MSQF/p4qzaU0XxLo4X
ckzZCcHpa45AApCDjJMd9onhFVCYsykiYrF9NQFO8TI4lQ5jv79GoufEzvhY1SPB
r1xz4sMpfyaoPaa3SM2/nD65E5jzXell2u2VWNGKv4zAQP0E5yGel+1rklBltadb
XLdJyyak33CLBKu+nJc=
MIICgjCCATUCAQEwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgEFAKEcMBoG
CSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIEAgIA3jA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIz
MDUxNzA4MDc0OVoXDTMzMDUxNzA4MDc0OVowKDASAgEKFw0yMzA1MTcwODA3NDla
MBICARYXDTIzMDUxNzA4MDc0OVqgZzBlMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnV
ppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wx
GTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzAN
BglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIEAgIA
3gOCAQEAHLzvRF0RVQL48ZGVFnTk1nsOHXVHS0UVMItsILurXJ4XrOgN1I7iTzu2
wYNtgr+T15jwsPdgU+Gg3127vb2Djm0IUX0dCfYpSFRUv8BjaK962ZPjM0rkWhC6
JUTWSLMAMy4ScqcoC7e4vuN2h4kPOzlvDBIhzWKA03+taAtuIOWjXZu2/Cyeggxs
oXARKI8BEv4b94xwiFJMoMuzcYAkuDIH4MRYANVgOS/zncCRS9D5ZerfoBt70LKX
nzJtT4a0XoxbUJeU8MZ0fR5aAHUQulAPA9CMmBsHkSx7pzAAhCwx/vXbnWPyhA6G
XG6gCKcDR5PZQvQNgi29SLlhRTT5TA==
-----END X509 CRL-----

28
tests/data_files/crl-rsa-pss-sha384.pem
View File

@ -1,16 +1,16 @@
-----BEGIN X509 CRL-----
MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAYBgkq
hkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgDOMDsxCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
MTM1NjI4WhcNMjQwMTE4MTM1NjI4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
SAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4DggEBAAco
SntUGDLBOAu0IIZaVea5Nt1NMsMcppC0hWPuH1LKAwyUODBqpT+0+AuALK0eIdYR
a7mAB+cv2fFwmwxnQWJ1Fvx4ft/N2AAfB83VRKpSo3xR8bxloHfTWKmyxJHmH9j1
EYmLS86rj3Nhjf4m/YlQQ3Im5HwOgSgBOE8glq5D+0Wmsi9LsNEZXEzMw7TMUgbs
y9o/ghYF/shKU4mewK3DeM9gQiTcH5A4ISXR87hBQ08AKJRAG1CLvTyzqWiUUY+k
q8iZDYF17sHrPi2yn8q9c4zdxiaWDGDdL0Lh90wXGTAageoGEq25TMuL5FpX+u1u
KUH/xf1jEnNzbYNGiZw=
MIICgjCCATUCAQEwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgIFAKEcMBoG
CSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIEAgIAzjA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIz
MDUxNzA4MDc1MFoXDTMzMDUxNzA4MDc1MFowKDASAgEKFw0yMzA1MTcwODA3NTBa
MBICARYXDTIzMDUxNzA4MDc1MFqgZzBlMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnV
ppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wx
GTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzAN
BglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIEAgIA
zgOCAQEAnZvMo3nmKXPV+q4m1CdMA7jUtdanJBHDAv2+LZLq4T1QpyN+nmLEB1yX
ARN8/5Px47zm7XyZw6HI1Il34MjblAKIPBVXoswj4YLRceijwiG1bxkh1Kz3lcV0
GCNPNo7tMPii9iATWlVzWBCzx2rLmt/ys0DtNRCMISOYGW1HkyuO28dwA6nUJwSS
Ddjr3iilavnBdpzddH9AiN5Fm0sfrFBANx79Qyp0/r8hqrv7rT33maeRKj3S4e9G
zpO6uHPAh9Obo93DxpKpXoMwxDiHv+bwHPO4J1YOiryy/KZmHhzUMPfvP09pGg9f
zGO/bOyiHGH0Lf4F9JVMxpfitdbtwg==
-----END X509 CRL-----

28
tests/data_files/crl-rsa-pss-sha512.pem
View File

@ -1,16 +1,16 @@
-----BEGIN X509 CRL-----
MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgOhGjAYBgkq
hkiG9w0BAQgwCwYJYIZIAWUDBAIDogQCAgC+MDsxCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
MTM1NjM4WhcNMjQwMTE4MTM1NjM4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
SAFlAwQCA6EaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4DggEBAB9F
ywBfxOjetxNbCFhOYoPY2jvFCFVdlowMGuxEhX/LktqiBXqRc2r5naQSzuHqO8Iq
1zACtiDLri0CvgSHlravBNeY4c2wj//ueFE89tY5pK9E6vZp7cV+RfMx2YfGPAA2
t7tWZ2rJWzELg8cZ8hpjSwFH7JmgJzjE5gi2gADhBYO6Vv5S3SOgqNjiN1OM31AU
p6GHK5Y1jurF5Zwzs+w3wXoXgpOxxwEC4eiS86c9kNSudwTLvDTU0bYEQE1cF+K0
sB8QWABFJfuO5kjD2w3rWgmAiOKsZoxd1xrda+WD3JhDXnoVq3oVBIVlWVz6YID8
enMfMvwScA5AImzu9xA=
MIICgjCCATUCAQEwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgMFAKEcMBoG
CSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIEAgIAvjA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIz
MDUxNzA4MDc1MFoXDTMzMDUxNzA4MDc1MFowKDASAgEKFw0yMzA1MTcwODA3NTBa
MBICARYXDTIzMDUxNzA4MDc1MFqgZzBlMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnV
ppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wx
GTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzAN
BglghkgBZQMEAgMFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIEAgIA
vgOCAQEAtMPpQMet9BfMRLg0AW9QfL3QkktV7xk++BqYFOYynBiqxjQH4AKu3wU8
eiGd3+2xNpQd2/sG7UUNo1Vnl9gCHRiT4bje6+CdvvqaZKSgpmsiztbgBAYORriF
flKOKOOQTxaikqJ4t7vp727JmstADuyizTgOBE0k3V1glas8B0G122YheeHF02S4
+33Nss4hbfbTilR0RccOaqiXzF9bkFsTlD5KgyUFZbFtdy+1zHZLnRUAJA1HmDeP
r5p2mJxKwXmZzLnw/FPa8fUH665TKYk08AuIpN+VHdPwiBoYHJ2YZJWgM+1qHq1y
tlyoAOC6beqsh9OfxcQZaEiWbUI9yQ==
-----END X509 CRL-----

12
tests/data_files/parse_input/server5-non-compliant.crt Normal file
View File

@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBwjCCAUagAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
Fw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMCQxIjAgBgNVBAMMGVRlc3Qg
RUMgUkZDIG5vbi1jb21wbGlhbnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3
zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI
wmt3DVXNiioO+gHItO3/o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRQYaWP1AfZ
14IBDOVlf4xjRqcTvjAfBgNVHSMEGDAWgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAM
BggqhkjOPQQDAgUAA2gAMGUCMAJ3J/DooFSaBG2OhzyWai32q6INDZfoS2bToSKf
gy6hbJiIX/G9eFts5+BJQ3QpjgIxALRmIgdR91BDdqpeF5JCmhgjbfbgMQ7mrMeS
ZGfNyFyjS75QnIA6nKryQmgPXo+sCQ==
-----END CERTIFICATE-----

25
tests/data_files/server1-nospace.crt
View File

@ -1,21 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDhDCCAmygAwIBAgIBHzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTQwMzI2MDkyMzEyWhcNMjQwMzIzMDkyMzEyWjA7MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEHBvbGFyc3NsLmV4YW1wbGUwggEiMA0G
MIIDPjCCAiagAwIBAgIBHzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA7MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEHBvbGFyc3NsLmV4YW1wbGUwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAh89QGrVVVOL/TbugmUuFWFeib+4
6EWQ2+6IFlLT8UNQR5YSWWSHa/0r4Eb5c77dz5LhkVvtZqBviSl5RYDQg2rVQUN3
Xzl8CQRHgrBXOXDto+wVGR6oMwhHwQVCqf1Mw7Tf3QYfTRBRQGdzEw9A+G2BJV8K
sVPGMH4VOaz5Wu5/kp6mBVvnE5eFtSOS2dQkBtUJJYl1B92mGo8/CRm+rWUsZOuV
m9z+QV4XptpsW2nMAroULBYknErczdD3Umdz8S2gI/1+9DHKLXDKiQsE2y6mT3Bu
ns69WIniU1meblqSZeKIPwyUGaPd5eidlRPtKdurcBLcWsprF6tSglSxAgMBAAGj
gZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynBdHRFOwUSLD2ovUNZAqYw
YwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYT
Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBD
QYIBADANBgkqhkiG9w0BAQsFAAOCAQEAXs4vQqlIlxrMbE6IwAHLcGJuz17Ru/en
H9bUnnSh1pxa+NHMKZHBG3GT0iaxsVtXf56/tXH4+HL7ntJjrczGN1PbhMGPyt94
556ZgDxkHT9k7KjPAIs9BrjFHvl9NyIZzcbwkiC0qGvdzjSfe3AiSYuhXI/9/Hog
uUwReH+T2U/ICEHQ5O8aV5nvpgqL3EeEmyx3bu+YXtZMWQUYzX+ya4TnKVPdqwbf
ebr6v1hLXrUFl6rZ3wEJ6MqUW3SGZRkCVNZUOD6Ky3+EiLwYFhuKGdFqSS0JAAD7
ZO3yPu5hu3BhAQYavK4Yyfi9IQmubBqxopPwyzjG1HPw2lj+oapH0w==
TTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1DWQKmMB8G
A1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUAA4IB
AQC8fX3ZiHu6GoYBB5Vo1l6CXXDhHB6r43Pp+BHoOCouiiy4useiPLu5S84gmNoC
v8ZR+b9lAaysCMHAbth9vgtW+aXckBY6xKo8CsmGXcqZqujD6qrDif5q6UpXa4Oe
fr6ITkecY4Z9oN/aN5el5zzUd5zkoyQDI5Bn1gMdvV7AwM7Haq+5gTFwM7HJnphz
GZ8GLxWU1dWeAfsGm58ey6J28OjIkmfP3yL/kBKMhiQZydbH9Y8Yal7YwhayXxES
i7YwhNmPcGAgDBm5Sno7BvHiIqsNX1sssC3aZUaZvldJGY+4Y9fFZHenBwTREj/S
CnEgazC2RJ3kYg3mP/QhE0US
-----END CERTIFICATE-----

34
tests/data_files/server1-v1.crt
View File

@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDITCCAgkCDFOitscEzU2OvIALwTANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
ExNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLEwd0ZXN0aW5nMREwDwYDVQQK
EwhQb2xhclNTTDELMAkGA1UEBhMCTkwwIhgPMjAxNDA2MTkxMDA5MTFaGA8yMDI0
MDYxODEwMDkxMVowTjEaMBgGA1UEAxMRc2VydmVyMS9pbnQtY2EtdjExEDAOBgNV
BAsTB3Rlc3RpbmcxETAPBgNVBAoTCFBvbGFyU1NMMQswCQYDVQQGEwJOTDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J
v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB
Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl
XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk
65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP
cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA
ATANBgkqhkiG9w0BAQsFAAOCAQEAPJl3fbVeTJ6gVAvCoLYM8JY5U7ZhrCCdBghw
WuZBS/TWwf4WLP0G/ZtTyTOENcT0gWHf0/VnXtNPw2/yBjWsLtTXxN2XQlEVf3j/
WcQxWgSESYdx/sT/uTW6qihuONPWkTQizmx7OG6vBuGx3g54s9/oeJKXOraNqud3
G4KBrytOazliMfoKO2hnzaeydpaDtb2tZX8apN/6KqQpTAcXsWrZRW9XEHWq2sNz
IR1nIE1F/9gnqi9Xy0HQprteLRUvM4tEQ35m4H20eS5Y9gJlE/DqXmMQ7aiU8DgP
krj+Z18pcrssO+Etv0BOiPjmU9TWWpDMj34ef7U/OH5qJxkSrA==
MIIDHTCCAgUCDFOitscEzU2OvIALwTANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
DBNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLDAd0ZXN0aW5nMREwDwYDVQQK
DAhQb2xhclNTTDELMAkGA1UEBhMCTkwwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEw
MTQ0NDA2WjBOMRowGAYDVQQDDBFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECwwH
dGVzdGluZzERMA8GA1UECgwIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/uOhF
kNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFDd185
fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVfCrFT
xjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTrlZvc
/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9wbp7O
vViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQABMA0G
CSqGSIb3DQEBCwUAA4IBAQBrdYAEzdH6ryyYaolYvp8Fvq0wZxp6Bdcxvi0LUGmb
TdWcNrPU9IYASc5QSrSWPj0c9vhLVbDZAONfn92thi7C2zQXok2Q3jW038ycNSXN
lVxFkdY4GYa3E6Og1LVIySyzfyyNuHKKWbB5wZCWbzOgu2Q1MHSNvPhKjbDhyGtT
Mq3Qy6TyzUFbXMRBixcJC/Cy4zsqvWBanVtBmwlvgE4Q50CUgybzSEIL5j+aPLuW
aj8j2NRB2+7vPeoWd8ry5YxEKB3DRuXHHyyFnT5O8MpWuCl764qFMc8S/i7yVcmZ
egZQw0dCmE5J4EGX0BEQEM24ll2e8SxL351hbCQ+EfvF
-----END CERTIFICATE-----

17
tests/data_files/server1.req.sha256.conf Normal file
View File

@ -0,0 +1,17 @@
req_extensions = req_ext
[req_ext]
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
email = mail@example.com
DNS = example.com
dirName = dirname_sect
IP = 127.0.0.1
URI = http://pki.example.com
[dirname_sect]
C=UK
O=Mbed TLS
CN=Mbed TLS directoryName SAN

22
tests/data_files/server1.req.sha256.ext
View File

@ -1,18 +1,20 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIC3jCCAcYCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
MIIDPzCCAicCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaBdMFsGCSqGSIb3DQEJDjFO
MEwwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNQYDVR0RBC4wLIYXaHR0cDovL3BraS5l
eGFtcGxlLmNvbS+HBH8BAQCCC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IB
AQCGmTIXEUvTqwChkzRtxPIQDDchrMnCXgUrTSxre5nvUOpjVlcIIPGWAwxRovfe
pW6OaGZ/3xD0dRAcOW08sTD6GRUazFrubPA1eZiNC7vYdWV59qm84N5yRR/s8Hm+
okwI47m7W9C0pfaNXchgFUQBn16TrZxPXklbCpBJ/TFV+1ODY0sJPHYiCFpYI+Jz
YuJmadP2BHucl8wv2RyVHywOmV1sDc74i9igVrBCAh8wu+kqImMtrnkGZDxrnj/L
5P1eDfdqG2cN+s40RnMQMosh3UfqpNV/bTgAqBPP2uluT9L1KpWcjZeuvisOgVTq
XwFI5s34fen2DUVw6MWNfbDK
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaCBvTCBugYJKoZIhvcNAQkO
MYGsMIGpMBMGA1UdJQQMMAoGCCsGAQUFBwMBMIGRBgNVHREEgYkwgYaBEG1haWxA
ZXhhbXBsZS5jb22CC2V4YW1wbGUuY29tpEcwRTELMAkGA1UEBhMCVUsxETAPBgNV
BAoMCE1iZWQgVExTMSMwIQYDVQQDDBpNYmVkIFRMUyBkaXJlY3RvcnlOYW1lIFNB
TocEfwAAAYYWaHR0cDovL3BraS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOC
AQEAclrNmmgAoa4ctwyBwD1T8jbyBeuxTf+ifc+MQ6pE7YuYSlanHE5l/CoVlW14
lR5gA01pWJJ7T8RBvo25OqXbvMFSafeGXpSHOG69A6p/7YULtbPuS6uvtdR0m3t+
2IacL0q5FsSmPw07RNfVGDFniKVqD8eAuYnhFztk0+uZVYD4xGezUckb2wTbzFpu
lUA/NhoWfCyV44TDR5fy23qNXywEhatDU/3nMmSJpBVy4y7J6BQVCl/fbyuKIOqu
0OVP+FvANSO46twA9+38hI+/nPuVwtbBvg1aLBMbLZ3Egi2uozokYFYL22JYNGJo
XORQgR66Sdrvfhiug+F5xmldCg==
-----END CERTIFICATE REQUEST-----

68
tests/data_files/server2-v1-chain.crt
View File

@ -1,38 +1,38 @@
-----BEGIN CERTIFICATE-----
MIIDFTCCAf0CDFOittkjXbxFc/m3bDANBgkqhkiG9w0BAQsFADBOMRowGAYDVQQD
ExFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECxMHdGVzdGluZzERMA8GA1UEChMI
UG9sYXJTU0wxCzAJBgNVBAYTAk5MMCIYDzIwMTQwNjE5MTAwOTI5WhgPMjAyNDA2
MTgxMDA5MjlaMEQxEDAOBgNVBAMTB3NlcnZlcjIxEDAOBgNVBAsTB3Rlc3Rpbmcx
ETAPBgNVBAoTCFBvbGFyU1NMMQswCQYDVQQGEwJOTDCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCI
p+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj
+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ
4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYva
i0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P
6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAATANBgkqhkiG9w0B
AQsFAAOCAQEAivCCMBfC5YNeozwp8vAWpiRUakhtO8ysvCfQsZD4tWLlSkrjoUtG
3RNd9gDVDGb852GswtNMKHJC1AeZuXdh3eBoDBNTXnR/9UkHgWNBy5f+JH2irYrc
ps5ofpYJZe7K6xQjl+RLc8nfUUaVfS3dJnyLr9k5kg4in48p+hEF6oXDBu2zdufF
53k/U98FTvFkVisEDFzLXyKX0fAZxfMk4qnEoBflH4fEXfkuuaBUVdoGGIMRLNAW
GIyRxr+zj+OJL+ZjjAkY4JqtEuUuLjODn//DHI/MkqE0LANOvbb4akpgZsyvSSO3
o38d1wQHw5+bO+YDqdfIdQXguU5mtS1xAw==
MIIDETCCAfkCDFOittkjXbxFc/m3bDANBgkqhkiG9w0BAQsFADBOMRowGAYDVQQD
DBFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECwwHdGVzdGluZzERMA8GA1UECgwI
UG9sYXJTU0wxCzAJBgNVBAYTAk5MMB4XDTE5MDIxMDE0NDQwNloXDTI5MDIxMDE0
NDQwNlowRDEQMA4GA1UEAwwHc2VydmVyMjEQMA4GA1UECwwHdGVzdGluZzERMA8G
A1UECgwIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r
lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2
2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ
Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i
GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb
y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQBmzdRQV8c0AbT8+IlPf7EpzfdhBwBtDj7N8GPEHL+NqS1hHt7TH3L7jBN3
CqLUgrAP1LFmQrjW5IPZYNZEA+LxMMjAehvOH71pBsFGvQOpx2CwmqM86s9FIgIa
zob7L34+xVEZfmR09PsLiT7gF13ht0HkvVZ2haBU0k3vV97aEVvPtbqrlR6RfLrZ
8nXBFt5CkzGxepS4wBCW4TrGXxpMJ0WnnhcLJVnExUd6YbzGP+ewXCKegD1wDX6z
UsEVGDQV97u3tszF43kx0nu/Q5DYMCqJV0kpIsMB467xPnNqyMdGtTbZq2Is8oj6
VA+fctBdN0CW4jo+qkOif0l/F8Az
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDITCCAgkCDFOitscEzU2OvIALwTANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
ExNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLEwd0ZXN0aW5nMREwDwYDVQQK
EwhQb2xhclNTTDELMAkGA1UEBhMCTkwwIhgPMjAxNDA2MTkxMDA5MTFaGA8yMDI0
MDYxODEwMDkxMVowTjEaMBgGA1UEAxMRc2VydmVyMS9pbnQtY2EtdjExEDAOBgNV
BAsTB3Rlc3RpbmcxETAPBgNVBAoTCFBvbGFyU1NMMQswCQYDVQQGEwJOTDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J
v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB
Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl
XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk
65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP
cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA
ATANBgkqhkiG9w0BAQsFAAOCAQEAPJl3fbVeTJ6gVAvCoLYM8JY5U7ZhrCCdBghw
WuZBS/TWwf4WLP0G/ZtTyTOENcT0gWHf0/VnXtNPw2/yBjWsLtTXxN2XQlEVf3j/
WcQxWgSESYdx/sT/uTW6qihuONPWkTQizmx7OG6vBuGx3g54s9/oeJKXOraNqud3
G4KBrytOazliMfoKO2hnzaeydpaDtb2tZX8apN/6KqQpTAcXsWrZRW9XEHWq2sNz
IR1nIE1F/9gnqi9Xy0HQprteLRUvM4tEQ35m4H20eS5Y9gJlE/DqXmMQ7aiU8DgP
krj+Z18pcrssO+Etv0BOiPjmU9TWWpDMj34ef7U/OH5qJxkSrA==
MIIDHTCCAgUCDFOitscEzU2OvIALwTANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
DBNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLDAd0ZXN0aW5nMREwDwYDVQQK
DAhQb2xhclNTTDELMAkGA1UEBhMCTkwwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEw
MTQ0NDA2WjBOMRowGAYDVQQDDBFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECwwH
dGVzdGluZzERMA8GA1UECgwIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/uOhF
kNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFDd185
fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVfCrFT
xjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTrlZvc
/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9wbp7O
vViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQABMA0G
CSqGSIb3DQEBCwUAA4IBAQBrdYAEzdH6ryyYaolYvp8Fvq0wZxp6Bdcxvi0LUGmb
TdWcNrPU9IYASc5QSrSWPj0c9vhLVbDZAONfn92thi7C2zQXok2Q3jW038ycNSXN
lVxFkdY4GYa3E6Og1LVIySyzfyyNuHKKWbB5wZCWbzOgu2Q1MHSNvPhKjbDhyGtT
Mq3Qy6TyzUFbXMRBixcJC/Cy4zsqvWBanVtBmwlvgE4Q50CUgybzSEIL5j+aPLuW
aj8j2NRB2+7vPeoWd8ry5YxEKB3DRuXHHyyFnT5O8MpWuCl764qFMc8S/i7yVcmZ
egZQw0dCmE5J4EGX0BEQEM24ll2e8SxL351hbCQ+EfvF
-----END CERTIFICATE-----

34
tests/data_files/server2-v1.crt
View File

@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDFTCCAf0CDFOittkjXbxFc/m3bDANBgkqhkiG9w0BAQsFADBOMRowGAYDVQQD
ExFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECxMHdGVzdGluZzERMA8GA1UEChMI
UG9sYXJTU0wxCzAJBgNVBAYTAk5MMCIYDzIwMTQwNjE5MTAwOTI5WhgPMjAyNDA2
MTgxMDA5MjlaMEQxEDAOBgNVBAMTB3NlcnZlcjIxEDAOBgNVBAsTB3Rlc3Rpbmcx
ETAPBgNVBAoTCFBvbGFyU1NMMQswCQYDVQQGEwJOTDCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCI
p+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj
+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ
4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYva
i0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P
6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAATANBgkqhkiG9w0B
AQsFAAOCAQEAivCCMBfC5YNeozwp8vAWpiRUakhtO8ysvCfQsZD4tWLlSkrjoUtG
3RNd9gDVDGb852GswtNMKHJC1AeZuXdh3eBoDBNTXnR/9UkHgWNBy5f+JH2irYrc
ps5ofpYJZe7K6xQjl+RLc8nfUUaVfS3dJnyLr9k5kg4in48p+hEF6oXDBu2zdufF
53k/U98FTvFkVisEDFzLXyKX0fAZxfMk4qnEoBflH4fEXfkuuaBUVdoGGIMRLNAW
GIyRxr+zj+OJL+ZjjAkY4JqtEuUuLjODn//DHI/MkqE0LANOvbb4akpgZsyvSSO3
o38d1wQHw5+bO+YDqdfIdQXguU5mtS1xAw==
MIIDETCCAfkCDFOittkjXbxFc/m3bDANBgkqhkiG9w0BAQsFADBOMRowGAYDVQQD
DBFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECwwHdGVzdGluZzERMA8GA1UECgwI
UG9sYXJTU0wxCzAJBgNVBAYTAk5MMB4XDTE5MDIxMDE0NDQwNloXDTI5MDIxMDE0
NDQwNlowRDEQMA4GA1UEAwwHc2VydmVyMjEQMA4GA1UECwwHdGVzdGluZzERMA8G
A1UECgwIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r
lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2
2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ
Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i
GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb
y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQBmzdRQV8c0AbT8+IlPf7EpzfdhBwBtDj7N8GPEHL+NqS1hHt7TH3L7jBN3
CqLUgrAP1LFmQrjW5IPZYNZEA+LxMMjAehvOH71pBsFGvQOpx2CwmqM86s9FIgIa
zob7L34+xVEZfmR09PsLiT7gF13ht0HkvVZ2haBU0k3vV97aEVvPtbqrlR6RfLrZ
8nXBFt5CkzGxepS4wBCW4TrGXxpMJ0WnnhcLJVnExUd6YbzGP+ewXCKegD1wDX6z
UsEVGDQV97u3tszF43kx0nu/Q5DYMCqJV0kpIsMB467xPnNqyMdGtTbZq2Is8oj6
VA+fctBdN0CW4jo+qkOif0l/F8Az
-----END CERTIFICATE-----

27
tests/data_files/server2.ku-ds.crt
View File

@ -1,21 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDijCCAnKgAwIBAgIBLDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTQwNDA5MDg0NDUxWhcNMjQwNDA2MDg0NDUxWjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
MIIDRzCCAi+gAwIBAgIBLDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBnzCBnDAJ
BgNVHRMEAjAAMB0GA1UdDgQWBBSlBehkuNzfYA9QEk1gqGSvTYtDkzBjBgNVHSME
XDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAP
BgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAsG
A1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAc4kubASrFXFtplkYp6FUcnUn
Pf/6laS1htI+3y+q1UHWe2PcagZtCHTCUGBSWLeUIiaIBheaIRqv+4sSFVuXB7hV
0PGXpO5btth4R8BHzGqCdObKvPujp5BDq3xgcAFicA3HUMNsJoTDv/RYXY7je1Q5
ntVyVPeji0AWMUYQjcqHTQQPGBgdJrRTMaYglZh15IhJ16ICNd9rWIeBA0h/+r0y
QuFEBz0nfe7Dvpqct7gJCv+7/5tCujx4LT17z7oK8BZN5SePAGU2ykJsUXk8ZICT
ongaQQVQwS6/GJ6A5V8ecaUvFrTby1h9+2sOW8n2NRGiaaG5gkvxVeayemcmOQ==
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3
DQEBBQUAA4IBAQCcDy5VWW133eL1TesUkejziAz9QNBHvWkKNs0jF6+fRgWgFP5Y
EE87rQX0Z1XiyTDB4LdKfivRi3TMD7EX8o6q9C3H/ilu5anrgha8WziMrtv/s9IF
QjpyHdnXGoXmA9uDqQLtucR5yep3ux4mlwS8GG3IUkpkdysNOrVvSARm0ZagQ9tn
YZyEjGd8wP3jKYNJAB2OdnvX9OqBmEyvSmMucSidkMkdLrUcjmOtz+AkqoRGewwc
eClstlp8NEuP37q2KLYtbQMpio1Kzsr3PCey1UImKNjauypS2Dpzl1RnmBw+c5En
SdLMa+ns3odRhF0IvENDhz/mKZJvwtoz/NBz
-----END CERTIFICATE-----

27
tests/data_files/server2.ku-ds_ke.crt
View File

@ -1,21 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDijCCAnKgAwIBAgIBMDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTQwNDA5MTAwMjQ5WhcNMjQwNDA2MTAwMjQ5WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
MIIDRzCCAi+gAwIBAgIBMDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBnzCBnDAJ
BgNVHRMEAjAAMB0GA1UdDgQWBBSlBehkuNzfYA9QEk1gqGSvTYtDkzBjBgNVHSME
XDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAP
BgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAsG
A1UdDwQEAwIFoDANBgkqhkiG9w0BAQUFAAOCAQEAnW7+h85xBP2KJzFSpWfGirVe
ApdC9bX0Z1sVMmD486N+ty9W6BP6kJRxLDX0fOuRc3x7mCy5qZg/Yj40+yQSoA0w
bTNwJjuR8iMqWIqLw9hWR+E9T4lYLZWyGJVjlVTkO4i5wifwhoJE9Doohh/6crn5
ImWgEkgT/wDVIHoamciO6KU36d0iAEEP2eYgxv2/sVHvjjsseTdvYh3D3VuOmQtS
uUvFxc6H5kYoq/yodJWDaOn3RS8pEpDsiW+abcWyxNTPtHFroJV7e9aaVmhlRSzw
sYDyD/ZyIlavoPSEiD3LTT/Tp6BIpz+zb4WHOHLEvUCsZputqxPVcNoEAi9xuA==
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgWgMA0GCSqGSIb3
DQEBBQUAA4IBAQB6u7D3tAsB75aZEcUfv2XyeLX4P99mzx2yOBSsPaIDTRyv0XoT
vbgUA7viX/F7I8b2kc6ihRXSu/98c7Vr/uSm0LfV3VMgoAXBCWNg/5c/N3c0YnZ2
imuv0yeXw5cJI3iYQJmllawdrGgOslfPuO7kqrFt3uGaylITpVLQ7w7iDpPbAFM8
kPpO6CMyCFi6miQYoZchTTP9X3dpbpNdB2FlSVT55J6TIvH5x4t7XCFJuvYYJxrf
8I3UFR3OnBR625zUHXJ6uV8yHG5ze+4K2n9CHcyX7zuZ+bB0e8wIS6Xf99M+1ApF
ESvXwHI0Fu8s/PJ+leD28CRJQMuAOJIYBMnS
-----END CERTIFICATE-----

27
tests/data_files/server2.ku-ka.crt
View File

@ -1,21 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDijCCAnKgAwIBAgIBKjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTQwNDA5MDg0NDIzWhcNMjQwNDA2MDg0NDIzWjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
MIIDRzCCAi+gAwIBAgIBKjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBnzCBnDAJ
BgNVHRMEAjAAMB0GA1UdDgQWBBSlBehkuNzfYA9QEk1gqGSvTYtDkzBjBgNVHSME
XDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAP
BgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAsG
A1UdDwQEAwIDCDANBgkqhkiG9w0BAQUFAAOCAQEAriPloIWfu7U8d1hls97C7OBI
OiE2xFh2UmuN/9hTK2CyW6MtBf8aG3l4jQDrsutHO0gUyoR67ug4yj+s+0S/zETZ
q6mPo7cBbVwjhGciQRiYgufFpdnbXR05HDgOVPK7qqjL6UOZnbu5caIEvIJgdwXn
n8WB9x/Ii4/2S9ysmRdRhDBYekzgH3Ac2UnHJTMh1XaSL817MW6B9BDKHt4xa7pW
cplDzrFKYbmxSSxzALE4Dr+zRvmDx4bcYpBkRRfOhnnR1caQBgaZzPcX/Vu+vw8e
qs2nyBW5RBu8MBCBU1DpqOSo6jl0QTpuq3NzQZIouG9fyckqDJS5ibrxQTutPw==
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgMIMA0GCSqGSIb3
DQEBBQUAA4IBAQAxJDMtlqpFHKw5ymqzgfnm0aY51PZOXpsPfoed7Vz2PzSB2eJ0
JQc+QuLhippy8hnPmPZg/HQ/gedbxFKPiIiYEh86GvnBFozQ+c8sE0h6tJgVOJJi
ADUNeVJoq03WIroTMqAB0uW0rHB+OFm7uRwIDFr2gWVrKZKg/KsDrxtng2wPOgbU
xvPRtNyaOZjV0GjuBhWxpPTxXw27e5Mq3MS5B9piZgPXmam5lZdOe0LNrbQShfmP
4mk4drjdQaUrL3JLpLt8S4oihZU+dOHkYdZVHSAuuGikZK7qPfEdP/yrZTCgtY54
vXxv47xT9L+pWtiTosBmsy/ewvWprVJIxLh3
-----END CERTIFICATE-----

27
tests/data_files/server2.ku-ke.crt
View File

@ -1,21 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDijCCAnKgAwIBAgIBKzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTQwNDA5MDg0NDM5WhcNMjQwNDA2MDg0NDM5WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
MIIDRzCCAi+gAwIBAgIBKzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBnzCBnDAJ
BgNVHRMEAjAAMB0GA1UdDgQWBBSlBehkuNzfYA9QEk1gqGSvTYtDkzBjBgNVHSME
XDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAP
BgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAsG
A1UdDwQEAwIFIDANBgkqhkiG9w0BAQUFAAOCAQEAqreLAIuxeLGKbhoEROYRqXxO
ndaC6uDcpxhgmEW7B2DW6ZtX8155v3ov61MuMas8fEQjD5STDP9qERxNTePnhW3m
kDZd2jUBE3ioHhTBv47i1PYU+DRe42kY6z0jUmNPK8TsTKfdbqTGXg9THe1KYB7q
hdljqGS08IgBl/q2lK2OOSycu27xhfb9Mo0BcLBab92WgyBu+cFPQsKiL4mD7QyJ
+73Ndb21EuANUjsRDQ3NPklssJcyJB2v85eekwk1acZUG21no3wdTvjxhVE/Xrdz
zUP9WkvAVfUrwGjUzG4YHE8wkHO7xKbKixNt+nQmDhe+tHVbztZjVwFJ8010gg==
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgUgMA0GCSqGSIb3
DQEBBQUAA4IBAQCeNpH2eSUXpq0CPlE6P1/bJW2f0vKFWMnZ6B3eFCdMCcKJ6LYV
BA1Dn5G5HEW4mBMJfyMwD5sklyEzQDCgIDjws+BRUflMr71AerfesHIGdW4jAw10
aWwFMeszzZ54ZahX2GHPcwWfTccSf9tpSaRMlNBEIz8lfb2iEZ2HR9eAmAqYgtR1
RbYcsNfC0oBYOCTRmvXi+wpGcUWn+VbIv6rHrQYnWXiPAuPJUqIpM0x9q0kT6NCi
LfdhaVV2DPnvBYGRcXX78JK5/MQt/sv4JSefRpvxpVQCmbo0amz7hUMHGCflAbro
FpyBlfcpj0lSRoaU9x0mCYzqwDYd+4NJZUGT
-----END CERTIFICATE-----

20
tests/data_files/server5-selfsigned.crt
View File

@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBzTCCAXKgAwIBAgIMU6LLSxJOrYN9qJSyMAoGCCqGSM49BAMCMEcxEzARBgNV
BAMTCnNlbGZzaWduZWQxEDAOBgNVBAsTB3Rlc3RpbmcxETAPBgNVBAoTCFBvbGFy
U1NMMQswCQYDVQQGEwJOTDAiGA8yMDE0MDYxOTExMzY0M1oYDzIwMjQwNjE4MTEz
NjQzWjBHMRMwEQYDVQQDEwpzZWxmc2lnbmVkMRAwDgYDVQQLEwd0ZXN0aW5nMREw
DwYDVQQKEwhQb2xhclNTTDELMAkGA1UEBhMCTkwwWTATBgcqhkjOPQIBBggqhkjO
PQMBBwNCAAQ3zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/q
L9I0XV0WvYqIwmt3DVXNiioO+gHItO3/o0AwPjAMBgNVHRMBAf8EAjAAMA8GA1Ud
DwEB/wQFAwMHgAAwHQYDVR0OBBYEFLZtURgXjmWq8uzV8wHkbFLCNB1bMAoGCCqG
SM49BAMCA0kAMEYCIQCf/bzFoge0pCOIrtHrABgc1+Cl9kjlsICpduXhdHUMOwIh
AOJ+nBHfaEGyF4PRJvn/jMDeIaH1zisinVzC2v+JQOWq
MIIBxzCCAW2gAwIBAgIMU6LLSxJOrYN9qJSyMAoGCCqGSM49BAMCMEcxEzARBgNV
BAMMCnNlbGZzaWduZWQxEDAOBgNVBAsMB3Rlc3RpbmcxETAPBgNVBAoMCFBvbGFy
U1NMMQswCQYDVQQGEwJOTDAeFw0yMzA1MDkwMjQ5NTdaFw0zMzA1MDYwMjQ5NTda
MEcxEzARBgNVBAMMCnNlbGZzaWduZWQxEDAOBgNVBAsMB3Rlc3RpbmcxETAPBgNV
BAoMCFBvbGFyU1NMMQswCQYDVQQGEwJOTDBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA2CMR/+ov0jRd
XRa9iojCa3cNVc2KKg76Aci07f+jPzA9MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/
BAQDAgeAMB0GA1UdDgQWBBRQYaWP1AfZ14IBDOVlf4xjRqcTvjAKBggqhkjOPQQD
AgNIADBFAiAXiJxDrd5aLzGB/Uc3kYBIBuSUIMGvol2c8EvwmF3zmQIhAPFrKMgA
s2awzo/PBB5gFTkDub88wRYwS1R9JPYCXUO0
-----END CERTIFICATE-----

10
tests/data_files/server5-ss-forgeca.crt
View File

@ -1,11 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBlDCCATmgAwIBAgIBTTAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
MIIBkzCCATmgAwIBAgIBTTAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
A1UECgwIbWJlZCBUTFMxKDAmBgNVBAMMH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
YXRlIENBIDMwHhcNMTUwOTAxMTEwODQzWhcNMjUwODI5MTEwODQzWjBKMQswCQYD
YXRlIENBIDMwHhcNMjMwNTE3MDkxNDIxWhcNMzMwNTE0MDkxNDIxWjBKMQswCQYD
VQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMxKDAmBgNVBAMMH21iZWQgVExTIFRl
c3QgaW50ZXJtZWRpYXRlIENBIDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3
zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI
wmt3DVXNiioO+gHItO3/oxAwDjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kA
MEYCIQDBFcXh+IloVYbMiHfCFhw6cYJsj7PZXuTdDMMkNbyJNAIhALz7fBVAMYz9
/g48bLdYT47LOc9QNuaboLIxsq5RseJL
wmt3DVXNiioO+gHItO3/oxAwDjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0gA
MEUCIQD0f3GH9cEJ7cJWPIfwAL/1cGREqO//O/1XggWZv/clnQIgQmlMzGzuUDHq
/mTgGQ9ceSAB9B9im9rcgY6DRFZULnY=
-----END CERTIFICATE-----

22
tests/data_files/server5.eku-cli.crt
View File

@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB5DCCAWmgAwIBAgIBPDAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTQwNDEwMTcyMTIxWhcNMjQwNDA3MTcyMTIxWjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jYjBgMAkGA1UdEwQCMAAwHQYD
VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
y3i1Gbx+JMnb+zZ8MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAoGCCqGSM49BAMCA2kA
MGYCMQCzHyEvd56zm1AzfDBi3psz3rDL/m0RN2WnbRBQJxIJqjwEXOrKazko9m9q
owgau88CMQDuI0fsq5tnyiHPaDSAE21/6hlrCR6deNbwzB94OuPIbx1wIas9D1jc
//iSmKtbl8Y=
MIIB6zCCAW6gAwIBAgIBPDAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NlMGMwCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
PyvLeLUZvH4kydv7NnwwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwDAYIKoZIzj0E
AwIFAANpADBmAjEAoC1Xxg8Xt3tvM2ZER4jCRv7iSYPWGgNtcYNJj3G0lb0PYi1l
Nd0cqdGxydhm7RJLAjEApAE8koD1ccIPnSFTagT7shOSz1/lOU4wwAWswcwolzt3
xrvFlMoTeJx3sS3Zqdr8
-----END CERTIFICATE-----

22
tests/data_files/server5.eku-cs.crt
View File

@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB4zCCAWmgAwIBAgIBOjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTQwNDEwMTcyMDQxWhcNMjQwNDA3MTcyMDQxWjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jYjBgMAkGA1UdEwQCMAAwHQYD
VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
y3i1Gbx+JMnb+zZ8MBMGA1UdJQQMMAoGCCsGAQUFBwMDMAoGCCqGSM49BAMCA2gA
MGUCMQC294oVK6fUjH/abI1xzytTusi8dl7518L0Y19q8zi9K19OtxzPK09h7xyy
gaJRvpUCMFS6hYhrht38yqwwhSVlnmTMVtira58mEUhL6v7Qzw1sz/Dm4aXkW3s6
JQV1kqqbRw==
MIIB6jCCAW6gAwIBAgIBOjAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NlMGMwCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
PyvLeLUZvH4kydv7NnwwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwDAYIKoZIzj0E
AwIFAANoADBlAjBlMU7Fh18cel20P3rY7esvtPLDHQQKWSCO91XHHkZi1zRPq2px
nwVHayXnOS3CPRsCMQCQDYTyVMS8oEIrm0XPI6HrbCMUq2bhPwaYpelU/asOzYI3
gOjGCDFHtyedJHVK0rs=
-----END CERTIFICATE-----

22
tests/data_files/server5.eku-cs_any.crt
View File

@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB6TCCAW+gAwIBAgIBOzAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTQwNDEwMTcyMDU4WhcNMjQwNDA3MTcyMDU4WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jaDBmMAkGA1UdEwQCMAAwHQYD
VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
y3i1Gbx+JMnb+zZ8MBkGA1UdJQQSMBAGCCsGAQUFBwMDBgRVHSUAMAoGCCqGSM49
BAMCA2gAMGUCMQCSYaq/9IKOTkzIrU/eOtpha/3af3JwT6vKh4N3cSX62ksMz0GT
Uxmq4UGMBt4VmBkCMBGpYqof6hS1o92ltNRpDSHuVQ+nke1lOsoQ1plZp4SI+bY1
bUD/WrUSLlwikZAeng==
MIIB8DCCAXSgAwIBAgIBOzAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NrMGkwCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
PyvLeLUZvH4kydv7NnwwHAYDVR0lAQH/BBIwEAYIKwYBBQUHAwMGBFUdJQAwDAYI
KoZIzj0EAwIFAANoADBlAjEA89+l8gNC0H75Tzdz/75W6EjGSzZ3m50S4cK5jD6+
ZZLpRcbIqPqMT2MNkCm7ImNpAjAlTkFLVCGnTNX/q7QWOrx8aPXXAeZtY5NFxd66
EJJb+YHTQ80hZhLWX8/QaAJjniU=
-----END CERTIFICATE-----

22
tests/data_files/server5.eku-srv.crt
View File

@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB5DCCAWmgAwIBAgIBPjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTQwNDEwMTcyMTU0WhcNMjQwNDA3MTcyMTU0WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jYjBgMAkGA1UdEwQCMAAwHQYD
VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
y3i1Gbx+JMnb+zZ8MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAoGCCqGSM49BAMCA2kA
MGYCMQDQzjWB0xZs/8IsqJb7owYYtCiT17939Uuc/1yBF69pJRy7KV/qJlHNvlVu
qwWVTx0CMQDNW/0dlX1gU6ashrZv5Ly4sijg/g645fFpfMKCNXysEb9xiBeEj5de
2x5sX/0OSx4=
MIIB6jCCAW6gAwIBAgIBPjAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NlMGMwCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
PyvLeLUZvH4kydv7NnwwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDAYIKoZIzj0E
AwIFAANoADBlAjEAh+l47FmXR/nUxD8bfnS3sT+QTgc8pXUEqh/gXUs2xINVSoL+
ZewgcNb2UanzCNheAjAnUY4b0M9YHp/eJjls5RzGX6JXtcWwn9JvO1HqMQnHthcy
hPEQ3lW7XG0DIQS1drk=
-----END CERTIFICATE-----

22
tests/data_files/server5.eku-srv_cli.crt
View File

@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB7DCCAXOgAwIBAgIBPTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTQwNDEwMTcyMTQyWhcNMjQwNDA3MTcyMTQyWjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jbDBqMAkGA1UdEwQCMAAwHQYD
VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
y3i1Gbx+JMnb+zZ8MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAKBggq
hkjOPQQDAgNnADBkAjAmQjJxxC82ZhBpH/GQkOQXDmaaV/JHRHGok1cWn3j3Xj8A
fqRZkp8JihpGIMse208CMFCMdNAfNd1tv+oPuynoK5Oh6/YlASX/otJT68voEIAN
SmsT1m9VPQMIyUo/3RtYjg==
MIIB8zCCAXigAwIBAgIBPTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NvMG0wCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
PyvLeLUZvH4kydv7NnwwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MAwGCCqGSM49BAMCBQADZwAwZAIwHu/xjSqHK91yEM+KgEFGU8Xc3o9rEVrCBFeW
ChIa3slZZdG4OuIm06Tsabf0pBLHAjBYKjoUwWEuDOOQKbbJZG8gKDzMAgEpe/RW
wAjY7i6CzZ1NKfFQ9fQdwA+yjq2fnlg=
-----END CERTIFICATE-----

23
tests/data_files/server5.ku-ds.crt
View File

@ -1,14 +1,13 @@
-----BEGIN CERTIFICATE-----
MIICLTCCAbKgAwIBAgIBLTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTQwNDA5MDg0ODM1WhcNMjQwNDA2MDg0ODM1WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgaowgacwCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAsG
A1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEAzp4DkFMq7eDB0x5FeS9gYDaG
Ol8rVnWlRTLQzHZBQjKp+TcBdHZaBPoi8LyXtWA4AjEA6OWhsuTcv/qXOscQT0rL
eEh8wcCQeJK1uNd78lNvx3W0Pcxdb6cd7AhaAKgXL+r4
MIIB4zCCAWagAwIBAgIBLTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NdMFswCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
PyvLeLUZvH4kydv7NnwwDgYDVR0PAQH/BAQDAgeAMAwGCCqGSM49BAMCBQADaQAw
ZgIxALHO0QR+4vz+fj4WwBQMa55oJDlp1J0PpqoJYKTf6DRx5rNuZxSbNu2wJQWz
MJ9ekQIxAMPo/Rhu4e9KRkEf9rYU9Ynd7t9/PCsXw4JZuxZfToURDsrAI/Pnqc0H
4+FA/EuPJA==
-----END CERTIFICATE-----

23
tests/data_files/server5.ku-ka.crt
View File

@ -1,14 +1,13 @@
-----BEGIN CERTIFICATE-----
MIICKzCCAbKgAwIBAgIBLjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTQwNDA5MDg0ODUwWhcNMjQwNDA2MDg0ODUwWjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgaowgacwCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAsG
A1UdDwQEAwIDCDAKBggqhkjOPQQDAgNnADBkAjACzKQ88/NvngMQBFc9rC484+gO
BRkXP28BqRcj8sBt3EfmEGH23BuhkZuB1OFZuMICMC4/pHgbOQtaY9WZPUROUVVZ
OuO6XsVbhiE0rb/mumqmUwuOrCtC/KFdvFZol4BNGA==
MIIB4jCCAWagAwIBAgIBLjAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NdMFswCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
PyvLeLUZvH4kydv7NnwwDgYDVR0PAQH/BAQDAgMIMAwGCCqGSM49BAMCBQADaAAw
ZQIwCVbbPiS8MJUOz8JBmgLHojKDaJOd4lSfSak0GSl02UjT8OiNyRzA+FlFWO94
YMjyAjEA14/ubZ1ZW3/0hkiFHzhTD2SXbTfYbhDZSq2PR+9sBlUrrx1GhzWw/cOD
3jZd4DQO
-----END CERTIFICATE-----

23
tests/data_files/server5.ku-ke.crt
View File

@ -1,14 +1,13 @@
-----BEGIN CERTIFICATE-----
MIICKzCCAbKgAwIBAgIBLzAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTQwNDA5MDg0OTA0WhcNMjQwNDA2MDg0OTA0WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgaowgacwCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAsG
A1UdDwQEAwIFIDAKBggqhkjOPQQDAgNnADBkAjAMl0Cjv9f45bHeJTul5XpYeJeT
52ZaOLTa/uTLy948EnEIi6sj3nFb9fvsUbsOOjECMAXAMY64KOqzixefz3y3XS/d
9miyeArPOmXU2JJ3LGuNbqqj9IbABawB1OD8v8gRmg==
MIIB4TCCAWagAwIBAgIBLzAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NdMFswCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
PyvLeLUZvH4kydv7NnwwDgYDVR0PAQH/BAQDAgUgMAwGCCqGSM49BAMCBQADZwAw
ZAIwezTY0tigIg6u1dFl90LHYcZ+lJK4BO5Y6U9pn952NFo24NsL8qnG4nxwsL3M
VvV7AjBQ+oZyKSyNp8XRAHYC6lERH7/Gh7HrVWyTRo9iPPL6tE4x/jE7jL9ifgl+
F6982sk=
-----END CERTIFICATE-----

6
tests/data_files/server5.req.ku.sha1
View File

@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBFjCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY
MIIBFDCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY
BgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
QgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/6i/SNF1d
Fr2KiMJrdw1VzYoqDvoByLTt/6AeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQD
AgbAMAsGByqGSM49BAEFAANIADBFAiEAnIKF+xKk0iEuN4MHd4FZWNvrznLQgkeg
2n8ejjreTzcCIAH34z2TycuMpWQRhpV+YT988pBWR67LAg7REyZnjSAB
AgbAMAkGByqGSM49BAEDSAAwRQIhAJyChfsSpNIhLjeDB3eBWVjb685y0IJHoNp/
Ho463k83AiAB9+M9k8nLjKVkEYaVfmE/fPKQVkeuywIO0RMmZ40gAQ==
-----END CERTIFICATE REQUEST-----

22
tests/data_files/server6-ss-child.crt
View File

@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB8jCCAZmgAwIBAgIMU6LLWCI5lHSn7HnsMAoGCCqGSM49BAMCMEcxEzARBgNV
BAMTCnNlbGZzaWduZWQxEDAOBgNVBAsTB3Rlc3RpbmcxETAPBgNVBAoTCFBvbGFy
U1NMMQswCQYDVQQGEwJOTDAiGA8yMDE0MDYxOTExMzY1NloYDzIwMjQwNjE4MTEz
NjU2WjBNMRkwFwYDVQQDExBzZWxmc2lnbmVkLWNoaWxkMRAwDgYDVQQLEwd0ZXN0
aW5nMREwDwYDVQQKEwhQb2xhclNTTDELMAkGA1UEBhMCTkwwWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAASBWTF2SST6Fa2roDFuDu0zEfqRJVXBsMGcA3I+mLotpHI3
iR9DN40fjjrY8FfoL0/JAKT323MPssYElNFAOzjjo2EwXzAMBgNVHRMBAf8EAjAA
MA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFDxZrEo+LvwCNi/afcvLnHqyiZlT
MB8GA1UdIwQYMBaAFLZtURgXjmWq8uzV8wHkbFLCNB1bMAoGCCqGSM49BAMCA0cA
MEQCIAMlQ59/NW7S0hP1cu5OTD2zqT087bEmnIfOTBYfj8UFAiBBrrz2dipODVYx
vvTsQmSCzjrm+JtQQoWa+cdnAG3w5g==
MIIB7jCCAZSgAwIBAgIMU6LLWCI5lHSn7HnsMAoGCCqGSM49BAMCMEcxEzARBgNV
BAMMCnNlbGZzaWduZWQxEDAOBgNVBAsMB3Rlc3RpbmcxETAPBgNVBAoMCFBvbGFy
U1NMMQswCQYDVQQGEwJOTDAeFw0yMzA1MDkwNjA2NDJaFw0zMzA1MDYwNjA2NDJa
ME0xGTAXBgNVBAMMEHNlbGZzaWduZWQtY2hpbGQxEDAOBgNVBAsMB3Rlc3Rpbmcx
ETAPBgNVBAoMCFBvbGFyU1NMMQswCQYDVQQGEwJOTDBZMBMGByqGSM49AgEGCCqG
SM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJH0M3
jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjYDBeMAwGA1UdEwEB/wQCMAAwDgYD
VR0PAQH/BAQDAgeAMB0GA1UdDgQWBBR+ZY8+MwMU5eG+YLLghX+M52ArezAfBgNV
HSMEGDAWgBRQYaWP1AfZ14IBDOVlf4xjRqcTvjAKBggqhkjOPQQDAgNIADBFAiAl
Y2yXg5sZunmo+McUBzvSao1wRxw+9XBSM+Dph5gfhgIhAPlI+lSvD4mzlBzn01Mg
0tMpKHbY34iadcMWBUgibMiA
-----END CERTIFICATE-----

4
tests/data_files/server6-ss-child.crt.openssl.v3_ext Normal file
View File

@ -0,0 +1,4 @@
basicConstraints = critical,CA:false
keyUsage=critical,digitalSignature
subjectKeyIdentifier=hash

37
tests/data_files/server9-bad-mgfhash.crt
View File

@ -1,20 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDWzCCAhKgAwIBAgIBGDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAN4wOzELMAkGA1UEBhMCTkwx
ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
DTE0MDEyMDEzNTc0NVoXDTI0MDExODEzNTc0NVowNDELMAkGA1UEBhMCTkwxETAP
BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG
SIb3DQEBCDALBglghkgBZQMEAgSiBAICAN4DggEBAIfliohNjz4CLGbHWgWRBFQ3
Difn027ZnULTvokT67ii1sJzESzqaIakyyu8GRwfoFRNh/rbGfe4C6e9SkwKbnDg
WE9SWbK6ukIQbMy69C+CVqFlRUHbONw/dmcneAWyZYGx/2Sf4D5kkpIWNDBeKuaV
H69XPZCeN3QAACmdAfo4NYW0I69a1OSaUrTyGT1nBOrzQ8Y0aJBnCJAte49bhQEW
KJv0kMj+8ZG1X0RoSdklf3GqdLUbsfJ2txu14GGAxy4C1gl2JWzoBHN5LMLf0cZ9
uEYui7N/5bkSv8KXdbGvSzgn6zZ0MiCJMiiGEf0L1FxBiBCVsK4C2idpiZH+e28=
MIIDYzCCAhagAwIBAgIBGDBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAQUA
oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCBAUAogQCAgDeMDsxCzAJBgNVBAYT
Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
QTAeFw0yMzA1MTcwODM5NDhaFw0zMzA1MTcwODM5NDhaMDQxCzAJBgNVBAYTAk5M
MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
C9pAlQIDAQABo4GSMIGPMB0GA1UdDgQWBBTu88f1HxWlTUeJwdMiY7Lfp869UTBj
BgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMC
TkwxETAPBgNVBAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENB
ggEDMAkGA1UdEwQCMAAwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgEFAKEc
MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgQFAKIEAgIA3gOCAQEAaQlf1GPhvPHp
hFgTdIB5x5zACVb4a4ONuySVckfMpWk2nlkRSu3Kgv4j8l/jfNpfr+we4lG72xEn
FV3em8dEzxvXd5jXCfR/hWJKYVoWh0055qWw7FpG20vRFKttU8UFclL7KvMs4InZ
vDpbPs5EwBQXTg/manL9TD9t/zqWAUJj1yHWiIISYzfWmsaoTi8jNxSR1+lkmPPP
ZWQwyUJrh82Mw3VwNGxXOfpGIwmjXPia8MafjjH/RtHNx7ukCk+6q1ZlH57NolZJ
dlQTJv21+vxyYr6GZdHXzdJwWMnFSof6VGwayNzetSnVhJb0SQqTBt8Vu5xQtXGa
QcCjGyCAIg==
-----END CERTIFICATE-----

37
tests/data_files/server9-bad-saltlen.crt
View File

@ -1,20 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDWzCCAhKgAwIBAgIBGDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4wOzELMAkGA1UEBhMCTkwx
ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
DTE0MDEyMDEzNTc0NVoXDTI0MDExODEzNTc0NVowNDELMAkGA1UEBhMCTkwxETAP
BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG
SIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAE7T54cyUf0ByNr34JaojFam
hV0T9QSc4wJ17sX67rxYIorXU8MynaneJzFxD9utOD3dq2TON18VswhT2McDgefl
XMwivCC0nWod8Pk638QaHxbaqC7XSq0QRBfOMXwV7knLNxI8smc9UJaco39VEcGD
yCkq4By/VCWTpvJ+1hx4zZ8WoXpFJFM5m5y9oEz4lgNv/6Wu7ILztyOk2yJiSR8r
YooC4zVeUOZuDO6At/NXZuSvmKmr+tfFrFA1AA/7yR5odQbqFVNSJ+u0x1Jv8Ra6
JXA4cXsnaDaRe+Wm0L0p+2PtQWXE5npXYIbFHAA9EOC3Ab8oaP9M/F6yQMa/2is=
MIIDYzCCAhagAwIBAgIBGDBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAQUA
oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogQCAgDeMDsxCzAJBgNVBAYT
Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
QTAeFw0yMzA1MjIwNzMwMDZaFw0zMzA1MTkwNzMwMDZaMDQxCzAJBgNVBAYTAk5M
MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgEFAKEc
MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIEAgIA3gOCAQEAlQo9OnchZbLQ
PTXs9NgXDoQb4JvUG/Fsq09/e8ivWaHkE7mKeNRrP8qMdAw914Bs1NQf9F75CWJe
5YtmLcE5gSbVj3qa6zVuQWEcrseKz6wpAFLsHKbF6kKfUgcI56xmD2DhhIHny+5B
9ObM0RQpCmAYXjU2CvknXeBzpX2cGOLD/Nexk1oBF6PI0rDUBqg3cexsJ5XfJwYg
tkjkZ321s9N09BsioauH6d9x9/Ysz7Qp7Bqpb1E7dV4bDuT5vwPWwPIUAav897Vt
s0uMZHoVasj57UwqDv8tm0db6f2VOL7r5GBMjbp6newW8Me47uXSBXKy8tFJMolj
yKuEQkKKyA==
-----END CERTIFICATE-----

26
tests/data_files/server9-badsign.crt
View File

@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDBTCCAeegAwIBAgIBFjATBgkqhkiG9w0BAQowBqIEAgIA6jA7MQswCQYDVQQG
EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg
Q0EwHhcNMTQwMTIwMTMzODE2WhcNMjQwMTE4MTMzODE2WjA0MQswCQYDVQQGEwJO
TDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkq
EwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3Qg
Q0EwHhcNMjMwNTE3MDgwNDAwWhcNMzMwNTE3MDgwNDAwWjA0MQswCQYDVQQGEwJO
TDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2g
HqroDsK7E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOo
r+c4mwiLY5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0
qQvaQJUCAwEAAaOBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJ
wdMiY7Lfp869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0w
OzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xh
clNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQDAog/jXydR
vDIugTzBXtfVK0CEX8iyQ4cVzQmXWSne8204v943K5D2hktSBkjdQUdcnVvVgLR6
te50jV89ptN/NofX+fo9fhSRN9vGgQVWzOOFiO0zcThy749pirJu1Kq5OJdthIyW
Pu0UCz5G0k3kTp0JPevGlsNc8S9Ak1tFuB0IPJjrbfODWHS2LDuO+dB6gpkNTdrj
88ogYtBsN4D5gsXBRUfobXokUwejBwLrD6XwyQx+0bMwSCxgHEhxvuUkx1vdlXGw
JG3aF92u8mIxoKSAPaPdqy930mQvmpUWcN5Y1IMbtEGoQCKMYgosFcazJpJcjnX1
o4Hl/lqjwCFG
qQvaQJUCAwEAAaOBkjCBjzAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy36fOvVEw
YwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYT
Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
QYIBAzAJBgNVHRMEAjAAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQC2DLHQ05x6
imJNztE/Tnk/lPQ01Pw6Girdbk4bgxcGwGj+1u5wAIHNpJ50TOggg3HxTyb7p344
/tVMxz7nrHZQ5ASdn2kDCyCmEqhmj48isWAIml+7J9cBeImJoEfYqjtqtoVkGxFy
SuoZAQWkkqDpyFhKhIjLQ8JuSE6wWMX/kc6TFSSxepnZU1SFOXfCiaVr5tFQzBP7
loppIANLjKeMjpOdU86PmRQ2LyzaCH1OMnjVndeqNmZt0NyzZ18cFPvm6+DVVVuP
Q+6nReShCdAlU+dJqsqj8JsQneNMTxjv4OBoXVmE/kZTj/DBTtwmxkVi7K4aYMFi
UYUZ4RiwG1/0
-----END CERTIFICATE-----

27
tests/data_files/server9-defaults.crt
View File

@ -1,19 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIDBjCCAe6gAwIBAgIBSDANBgkqhkiG9w0BAQowADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTQwNjA1MTU1NjUzWhcNMjQwNjAyMTU1NjUzWjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0B
MIIC+TCCAeGgAwIBAgIBSDANBgkqhkiG9w0BAQowADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2gHqroDsK7
E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOor+c4mwiL
Y5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0qQvaQJUC
AwEAAaOBnzCBnDAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJwdMiY7Lf
p869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkG
A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBU
ZXN0IENBggEAMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQowAAOCAQEAGUdim4uy
/rBDFMF8qhjH1qsv0o8ON4HgP3YXbdKdIMfd+p5KtoqHQnrkixWxaIvfORnR4mGm
f8H5BimwIkNLxy7zS88TVDOYel8g7B2yl0nq4biki83NStNBYZJjxKT0ud5O5mGd
jHdy9vTEc7h8q+SHzRdgpNFXyKY5OQYng1LHco8h1UR8/nmPMuDtocHMnmMXu68a
69+TtZxx90/V4gJZOoL1iCi8HEsKoJzm/L8ji54OYt7FxgFfE3VmLsXeMaWYO8GS
BUxh5kqZ25O8hQXK5ywfuVK83Do/SsoClbgx9mboybseGVFIJaxs9e66GFDMoI3B
09JqWv4DoLNnwg==
AwEAAaOBkjCBjzAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy36fOvVEwYwYDVR0j
BFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREw
DwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBDQYIBAzAJ
BgNVHRMEAjAAMA0GCSqGSIb3DQEBCjAAA4IBAQASsc5y7sDP4prOLGAl2EB5d+Gg
w/Vk9+g3KXpeIUCL6gmECNLENmmBe6zZR8/Ax6R1hUe/Cbflepxsx627Eg29NCZK
Bo/AQoz658kwEzr4jhF8M6y9sdsf5/OauoRxDLcMEywIkgmuFvZIpyEwXix6arsK
mNWnW0FwSr2NaXozD7OquGwTEAvAbtei+5JAeVvvGi1u32D2JPVHk3zv05LXtx8b
8bEmzZLthFk3GbSkGHC3K5rjNgTMwY0BhNBW6qFyY5mL0bHVDbZQxD9RRwDifGty
fTo7odJDAHU1xucWF6dOU5nAqiFKlc3eITdBKt+d10yBSr7qXciHkHpAzCvh
-----END CERTIFICATE-----

37
tests/data_files/server9-sha224.crt
View File

@ -1,20 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDWzCCAhKgAwIBAgIBFzA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCBKEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIwOzELMAkGA1UEBhMCTkwx
ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
DTE0MDEyMDEzNTczNloXDTI0MDExODEzNTczNlowNDELMAkGA1UEBhMCTkwxETAP
BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCBKEaMBgGCSqG
SIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIDggEBADJExjfWWvL28lgj+GGgviqo
PHZLxI0pLQUnFJQ9Kpu6jxfICseBF00Z6BJE/RcYDpIie5GDt/8u/i6xB6Li29Pm
g5nANgd/Y3fFnW7d0ydVjiSnetlPuf/jTlWQl6mQTH2xqYu8J8d3JRxQdRiDYbVm
uywW2d6rksiqm6dPD5l4A5DcemcYo8f/1Ifj5WNDCV8/OHex+AnW2ccDvWAnVgSR
B2VpOXJzVFuBsuf4tGVm/2TUMSB6NcvFc6TeJk1kzbZxii4QjKXtH1SfrVP59iEe
l17NYAEWARjBpQWBiutRG+QM2et0sNiUBuWxTkvd0eSgencNysVAOsZqrqaX3CY=
MIIDYzCCAhagAwIBAgIBFzBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCBAUA
oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCBAUAogQCAgDiMDsxCzAJBgNVBAYT
Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
QTAeFw0yMzA1MTcwNzEwMzdaFw0zMzA1MTQwNzEwMzdaMDQxCzAJBgNVBAYTAk5M
MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgQFAKEc
MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgQFAKIEAgIA4gOCAQEAjG73ZOe2pQn6
jqiTHALGM0IG8BBCamo3gzbCjZPz3ZnTpZii1pQSFPGEBaKCgrtKrjvoP21ZDUnq
3HjTUzGtGbHk3h+UJcVYgFuONidguUDaALGtXIPWUlqBBeJL+Y+01zJRnMpC2hV7
JUOM3es02te8RM6srCdW1fP9x+Lx4G2Kjj7kEzKafEbwFesS4LbBXsWkID8xDPHO
DLKvg66tPeksDBT4n7f7H51eNlyIwwMDKTc+N9Ri5OeW1HOqtbyo/yJlHvQqnCld
E8gW+AVoeZmN6n/4yemnCEkFRqgbRSIGVoPmOY9d/FfGLmClcaZFPcH+w1JDhF71
3egYnUY/9g==
-----END CERTIFICATE-----

37
tests/data_files/server9-sha256.crt
View File

@ -1,20 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDWzCCAhKgAwIBAgIBGDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4wOzELMAkGA1UEBhMCTkwx
ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
DTE0MDEyMDEzNTc0NVoXDTI0MDExODEzNTc0NVowNDELMAkGA1UEBhMCTkwxETAP
BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG
SIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAH0+knqkcLaxeDkenBQgd4Qg
3ZyAhtpiLU689mw+3cXB/uzFrCIxEL5aGh1eSj+DszB+FtsZ06ux7JVQqVOA2Wm9
yLxC6wF8OOYj0nBa91BWLhRAHLhmIdWsVk7Hl9KojZd4TwV2N+ZEV/BLxyoRvK4H
V4xCpzgDSiTPe8Etk4r+0akbr6bsOUBayPb7MGLHubZKq8NsFAmmynp+fPmHd3SE
0ooJdiZ1MmKPKLE5Og/hXCI8qeiXQUR6oQ7b2XONsrI2HIj2SA9dA5qmHwE5PbMu
zqxQ3R83boqLXbkFORn+UiYLmffqdoWuNy00BHMCrxRA9DUv+WyN4npLMF8rOJw=
MIIDYzCCAhagAwIBAgIBFzBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAQUA
oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogQCAgDeMDsxCzAJBgNVBAYT
Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
QTAeFw0yMzA1MTcwNzEwMzdaFw0zMzA1MTQwNzEwMzdaMDQxCzAJBgNVBAYTAk5M
MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgEFAKEc
MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIEAgIA3gOCAQEAXcWlfbIjRJX3
eCkj03eKLvhawFndN6mWMOTVvr20Vdhhn57wngSKYgtsbOZhpT+pIXTTpxhku7uS
Pg6NDU0W13xbrcIsYxkZRcN6AYcnV0NxnhdfkmxwDjLyohgm8IdgvHb04r73OP0j
KmnZfJJpnxkVGD8NFGj2hBCR7ynbVBAfJegl0Lruxc4AlrniG6MW9xfkmE3EfOQg
dwZv3UuhxzEhLmR933BCijwfhBVfyzarGjDtZjQYNwWKhRl+OXM+L14Ofq7htSxz
kSM5KJfCAzLFNd6N2YU84IhqwTS4CZ/bE1HchEYPtXm97bj8Vldrfv2up/4Rc0kF
a8P+xLLmug==
-----END CERTIFICATE-----

37
tests/data_files/server9-sha384.crt
View File

@ -1,20 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDWzCCAhKgAwIBAgIBGTA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4wOzELMAkGA1UEBhMCTkwx
ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
DTE0MDEyMDEzNTc1OFoXDTI0MDExODEzNTc1OFowNDELMAkGA1UEBhMCTkwxETAP
BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEaMBgGCSqG
SIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4DggEBABf8Gyq2VYuN1EBW1nOapDQp
B/KuafNW2GEJ7FmQKNyA7MIj1Yqo2MtJ6/OQojRQ3F5rnO4yjmvIPsXeQaMxJBiI
aaoAlLpH++F+oXMq/0aS0WSZrSLrsh2Fpay9cBDGwek2rDOX9kM+ZcPzGitVwWKX
TnOW22hpcl7u95CpZH+JZTcto5nL3tTyV9pIy+tSKQQfjPB+G0TAZCsOkbCGPLug
qdjvqFQwOf15VxQMj7NRiXjlqJvsx+I7B2AIhrs4DzQMEyiWq9S/PzpQuFU5v/Kg
s2iMLJ5ygv5aN3PYqGlE1ZmvgyRp5h/LaTGI2L6lzRTnecOhtPv30N2tyaDAEfo=
MIIDYzCCAhagAwIBAgIBFzBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUA
oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogQCAgDOMDsxCzAJBgNVBAYT
Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
QTAeFw0yMzA1MTcwNzEwMzdaFw0zMzA1MTQwNzEwMzdaMDQxCzAJBgNVBAYTAk5M
MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgIFAKEc
MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIEAgIAzgOCAQEAmTU2HqAA7gbB
tJlDAve8nGbdCim4YjRXWceHGCpoFIWrs6onlHCvnZ2Wr8iPk+wnd7ShIpp8vGb/
476y8pfaA2n8vYWhQKDCTTUXJN4tUc7i8Uz4RGdK48vHVvZCtCT/8MmPPouOIZcU
/Kkenw2jv5R/CpiirVUsjNx6BYcdu1zzEU+uoBLom6sZ6LGRlIB0prFWcxrVjfzx
2C8ZxMW8NWj6EQipQJ2U+CCycA2HkbCmt3FnEXmN5OWThvnKdshoPkMn2HwhAOzn
cjZQhQT3WSufvZ9bYe7HZ5e1e7k6aMXBvW89ECxc12mZfSjlYmlvfHZuO8D2sP2i
RidkcXFMxQ==
-----END CERTIFICATE-----

37
tests/data_files/server9-sha512.crt
View File

@ -1,20 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDWzCCAhKgAwIBAgIBGjA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCA6Ea
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4wOzELMAkGA1UEBhMCTkwx
ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
DTE0MDEyMDEzNTgxMloXDTI0MDExODEzNTgxMlowNDELMAkGA1UEBhMCTkwxETAP
BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCA6EaMBgGCSqG
SIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4DggEBACdVozFq6rUiXo+ib5Y2oPsR
6xxl4Ydn3LpUoYrPpTOrhcXJWW/tOLHGuCF/mSRfUzKaMIfL418cZHYnvumvuttu
6z3tp5E1VsiZCU2MWJnzjKSxFBOss43AmpJHHoapGFZu2pxObBPqegAKHYkKWOLk
tJDj47PurWgEek9j1nL7Pc1tVf59fm/ySp4fWkXLLvQiKid1516VioLyacUvK3zU
6Egz8jMt7D5c9KpaExLRTANVsThqO5/dmR36bOwm3Hpbde7DNdgxru41tiLMqJs/
5pX3ceaJ1XQ/l0idj5/9ipvqHHUguyk7H22HwQHQdSD9oIha8kEM3P6CjpfE7yY=
MIIDYzCCAhagAwIBAgIBFzBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAwUA
oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAwUAogQCAgC+MDsxCzAJBgNVBAYT
Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
QTAeFw0yMzA1MTcwNzEwMzdaFw0zMzA1MTQwNzEwMzdaMDQxCzAJBgNVBAYTAk5M
MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgMFAKEc
MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIEAgIAvgOCAQEAVut9oL/0V/vo
f9VKxAZfyy0zFy+LOHzV1H5qQaPKJnXIAUp/sDtvOjugqHKjamg6dCIVy292Yxcx
rW8WcMR1Bj9MQ5Qrv++TZ0a1e0qet1GYxj4MQkU30XlJq/Jh7ede9Vh/yBxKTQq7
oaJ6fOTFWcz1JZDrZrKffBOqIp5jQWPARilUDN6FiRNYV3/14aWVGnNbqGfoY8CC
WvpC0iAvrQxjdQQf6nIYrzcGNzvrpRbhpzBPUyUIrM1o+nyiNAJPlyncjFwmfw9g
80FP1XnRIIKmlTTG7ivkjHKzE6WXZSQPjArg0jxQAX1uLKJGFhu+ueKyoPOHQXS0
O1z3OQn3+w==
-----END CERTIFICATE-----

110
tests/data_files/server9-with-ca.crt
View File

@ -1,99 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIDBTCCAeegAwIBAgIBFjATBgkqhkiG9w0BAQowBqIEAgIA6jA7MQswCQYDVQQG
EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg
Q0EwHhcNMTQwMTIwMTMzODE2WhcNMjQwMTE4MTMzODE2WjA0MQswCQYDVQQGEwJO
TDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkq
EwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3Qg
Q0EwHhcNMjMwNTE3MDgwNDAwWhcNMzMwNTE3MDgwNDAwWjA0MQswCQYDVQQGEwJO
TDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2g
HqroDsK7E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOo
r+c4mwiLY5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0
qQvaQJUCAwEAAaOBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJ
wdMiY7Lfp869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0w
OzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xh
clNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQDAog/jXydR
vDIugTzBXtfVK0CEX8iyQ4cVzQmXWSne8204v943K5D2hktSBkjdQUdcnVvVgLR6
te50jV89ptN/NofX+fo9fhSRN9vGgQVWzOOFiO0zcThy749pirJu1Kq5OJdthIyW
Pu0UCz5G0k3kTp0JPevGlsNc8S9Ak1tFuB0IPJjrbfODWHS2LDuO+dB6gpkNTdrj
88ogYtBsN4D5gsXBRUfobXokUwejBwLrD6XwyQx+0bMwSCxgHEhxvuUkx1vdlXGw
JG3aF92u8mIxoKSAPaPdqy930mQvmpUWcN5Y1IMbtEGoQCKMYgosFcazJpJcjnX1
o4Hl/lqjwCEG
qQvaQJUCAwEAAaOBkjCBjzAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy36fOvVEw
YwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYT
Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
QYIBAzAJBgNVHRMEAjAAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQC2DLHQ05x6
imJNztE/Tnk/lPQ01Pw6Girdbk4bgxcGwGj+1u5wAIHNpJ50TOggg3HxTyb7p344
/tVMxz7nrHZQ5ASdn2kDCyCmEqhmj48isWAIml+7J9cBeImJoEfYqjtqtoVkGxFy
SuoZAQWkkqDpyFhKhIjLQ8JuSE6wWMX/kc6TFSSxepnZU1SFOXfCiaVr5tFQzBP7
loppIANLjKeMjpOdU86PmRQ2LyzaCH1OMnjVndeqNmZt0NyzZ18cFPvm6+DVVVuP
Q+6nReShCdAlU+dJqsqj8JsQneNMTxjv4OBoXVmE/kZTj/DBTtwmxkVi7K4aYMFi
UYUZ4RiwG1/7
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Validity
Not Before: Feb 12 14:44:00 2011 GMT
Not After : Feb 12 14:44:00 2021 GMT
Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
a2:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Key Identifier:
B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
X509v3 Authority Key Identifier:
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
serial:00
Signature Algorithm: sha1WithRSAEncryption
b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
f7:e0:e9:54
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68
x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB
BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T
hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/
G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf
7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH
9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf
hlf8qotOhNvFXpEsCGwZUywayo7c4DtO
-----END CERTIFICATE-----

26
tests/data_files/server9.crt
View File

@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDBTCCAeegAwIBAgIBFjATBgkqhkiG9w0BAQowBqIEAgIA6jA7MQswCQYDVQQG
EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg
Q0EwHhcNMTQwMTIwMTMzODE2WhcNMjQwMTE4MTMzODE2WjA0MQswCQYDVQQGEwJO
TDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkq
EwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3Qg
Q0EwHhcNMjMwNTE3MDgwNDAwWhcNMzMwNTE3MDgwNDAwWjA0MQswCQYDVQQGEwJO
TDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2g
HqroDsK7E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOo
r+c4mwiLY5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0
qQvaQJUCAwEAAaOBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJ
wdMiY7Lfp869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0w
OzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xh
clNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQDAog/jXydR
vDIugTzBXtfVK0CEX8iyQ4cVzQmXWSne8204v943K5D2hktSBkjdQUdcnVvVgLR6
te50jV89ptN/NofX+fo9fhSRN9vGgQVWzOOFiO0zcThy749pirJu1Kq5OJdthIyW
Pu0UCz5G0k3kTp0JPevGlsNc8S9Ak1tFuB0IPJjrbfODWHS2LDuO+dB6gpkNTdrj
88ogYtBsN4D5gsXBRUfobXokUwejBwLrD6XwyQx+0bMwSCxgHEhxvuUkx1vdlXGw
JG3aF92u8mIxoKSAPaPdqy930mQvmpUWcN5Y1IMbtEGoQCKMYgosFcazJpJcjnX1
o4Hl/lqjwCEG
qQvaQJUCAwEAAaOBkjCBjzAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy36fOvVEw
YwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYT
Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
QYIBAzAJBgNVHRMEAjAAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQC2DLHQ05x6
imJNztE/Tnk/lPQ01Pw6Girdbk4bgxcGwGj+1u5wAIHNpJ50TOggg3HxTyb7p344
/tVMxz7nrHZQ5ASdn2kDCyCmEqhmj48isWAIml+7J9cBeImJoEfYqjtqtoVkGxFy
SuoZAQWkkqDpyFhKhIjLQ8JuSE6wWMX/kc6TFSSxepnZU1SFOXfCiaVr5tFQzBP7
loppIANLjKeMjpOdU86PmRQ2LyzaCH1OMnjVndeqNmZt0NyzZ18cFPvm6+DVVVuP
Q+6nReShCdAlU+dJqsqj8JsQneNMTxjv4OBoXVmE/kZTj/DBTtwmxkVi7K4aYMFi
UYUZ4RiwG1/7
-----END CERTIFICATE-----

34
tests/data_files/test-ca-v1.crt
View File

@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDIzCCAgsCDFOito4FQA5VXJOV5TANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
ExNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLEwd0ZXN0aW5nMREwDwYDVQQK
EwhQb2xhclNTTDELMAkGA1UEBhMCTkwwIhgPMjAxNDA2MTkxMDA4MTRaGA8yMDI0
MDYxODEwMDgxNFowUDEcMBoGA1UEAxMTUG9sYXJTU0wgVGVzdCBDQSB2MTEQMA4G
A1UECxMHdGVzdGluZzERMA8GA1UEChMIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwN83/Be74JadP4beljJ9RKUW
oM0h8ZnU7OrLfBhYCJSl7JvFi98aHpk4mYcee8CNOd84XXB4B9Oe2ZPouXJRxc6j
MFKp8udAcBTLRKJyC8LlQPk+5aYOs/nsSmPAuCkAdJxXO6ilBJBx8b2D2T/WpeI8
Ko/vJ2DDxp/LuuxgfbfmhDK+T/tYJiIDW9S01fv145YucMDkLr38Lu7iQVXANC59
JHJpy0exFECDfWf0hvYxq/F5pLK1LhL5hBfwYm8nPhNYsVQNIZpzN6Ewz2+S3Pbp
/KzbLijRfgJLI6AV8jhlZAnqDG6OGxegccizm8mr6cPyz4eWj4ACMp6ZWG+i1QID
AQABMA0GCSqGSIb3DQEBCwUAA4IBAQBoXC5AlXI5azyOPvmNse2qHhO7BrXOEjH+
9g5P/VsrVADhsUGv6x0A2oLoWXtOjGDIWWH53BWHkCUCu4T5D5C6+I47rXWl4pAr
J+h+tQVZo6J0AJxfPse/NnrjsboUSWhunmo/iTrU6S4KJBguIKP6T1DZoD/8EYgU
x+fXDmvRO+MTesWDiY+p+FHEzsu3b9EBtG9dUiR/zzXi/ktFCfrgstKGSuW6+j7m
lcduTxsogi6Uc3tWKtn6qpSGR0uBoCz6emFO7Smmy/tIyVA88lH0+3UnxOvu4TAK
uvjYkOcZqhprDiMfhxBB7pxbfiviEANTbgSfCtZewSNz2RUJ9ocy
MIIDHzCCAgcCDFOito4FQA5VXJOV5TANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
DBNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLDAd0ZXN0aW5nMREwDwYDVQQK
DAhQb2xhclNTTDELMAkGA1UEBhMCTkwwHhcNMTkwMjEwMTQ0NDAwWhcNMjkwMjEw
MTQ0NDAwWjBQMRwwGgYDVQQDDBNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQL
DAd0ZXN0aW5nMREwDwYDVQQKDAhQb2xhclNTTDELMAkGA1UEBhMCTkwwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAEw
DQYJKoZIhvcNAQELBQADggEBAAtVAWmbymwKDj9v8m7SVLHF0mw4i3gBFVPJqYRQ
y9CnUD68kUr4qK7wyQIv/gDRYuqZVNnBq4Jwzm+tPEBHpYAF5H/7Mynpb4h+uZ3a
6kaWURXKzx53ZuFHLu1FuRov+SZU3ZtXClTYFKeyDb+fcth/8thR9V59v7ZE7zlb
8zbyL+dqfyxvmxZCUzHbNKVrliiUUFXfW53T+B7Ysxner5mnqM1aPxckhXVHEJ47
TBoIhpBoJ/HmHCiWz8BeoowSpG7u+QOezIKk8l5Pd2f8MeqwyaqIeAy0lh2nP7pB
UtWET/0bsdiPn8SR9B3hWpKUDRvnHDDZuZiKtrdDEqsD04M=
-----END CERTIFICATE-----

5
tests/data_files/test-ca.opensslconf
View File

@ -41,6 +41,11 @@ DNS.3=*.example.org
[multiple_san]
subjectAltName=@alt_names
[ext_multi_nocn]
basicConstraints = CA:false
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
subjectAltName = DNS:www.shotokan-braunschweig.de,DNS:www.massimo-abate.eu,IP:192.168.1.1,IP:192.168.69.144
[hw_module_name]
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = OCT:123456

20
tests/data_files/test-ca2.ku-crl.crt
View File

@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBzDCCAVOgAwIBAgIJAP6mZLzh0IPSMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
QyBDQTAeFw0xNDA0MDkxMTIzMzhaFw0yNDA0MDYxMTIzMzhaMD4xCzAJBgNVBAYT
Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqMdMBswDAYDVR0TBAUwAwEB/zAL
BgNVHQ8EBAMCAQIwCgYIKoZIzj0EAwIDZwAwZAIwZOCKY0EHXYzI4cQsFnfOrxm1
ufvNeZ4ZcSZWrkTBazW2OBCuCP9SLznec3SFOUvvAjAKe/qycfxkHivjieCEG1Kt
m2D4QKSJELUhTHr4zdkeqbzgui0y3iouaoyWsKvetNg=
MIIB2DCCAV6gAwIBAgIUN3DAVq0Kn9k3FPUPZGW2d3rZn28wCgYIKoZIzj0EAwIw
PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
cnNzbCBUZXN0IEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1ow
PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
cnNzbCBUZXN0IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+H
Vv78ibopQ0tO4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqr
Id240xxuWLjK6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeox0wGzAMBgNV
HRMEBTADAQH/MAsGA1UdDwQEAwIBAjAKBggqhkjOPQQDAgNoADBlAjAxoq/Q4PEA
8SDd3cQaVIwx8oJVEzfJo1BB2w1LnjvUXZrQydjNXMU4Jgorm/2/uLgCMQCyI6cZ
EAIgKPYlT6/zJHBj45qejs527OfI4Xn+kQ7OvHQtHaCAzQw4h7Jfx+gXaUo=
-----END CERTIFICATE-----

4
tests/data_files/test-ca2.ku-crl.crt.openssl.v3_ext Normal file
View File

@ -0,0 +1,4 @@
basicConstraints = CA:true
subjectKeyIdentifier=none
keyUsage = cRLSign

20
tests/data_files/test-ca2.ku-crt.crt
View File

@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBzTCCAVOgAwIBAgIJAODh6PAeD9/vMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
QyBDQTAeFw0xNDA0MDkxMTIzNTRaFw0yNDA0MDYxMTIzNTRaMD4xCzAJBgNVBAYT
Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqMdMBswDAYDVR0TBAUwAwEB/zAL
BgNVHQ8EBAMCAgQwCgYIKoZIzj0EAwIDaAAwZQIwGGlbynd1jU3WkUx6Irhk9Lob
z2B+1eIO6+eu3En8B3rh8Ipfxo0e0hpfaRFYP1MUAjEAjxxBchRWJAzZ6/47Wg/7
UoasRINgP5B/uJhTnftS1bqyuWHastb4LW5/YLOvPbMQ
MIIB2DCCAV6gAwIBAgIUYDcYIJ6EBbKafKeXLgPLE+RsJZowCgYIKoZIzj0EAwIw
PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
cnNzbCBUZXN0IEVDIENBMB4XDTIzMDUxMjEwMzEwNVoXDTMzMDUxMjEwMzEwNVow
PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
cnNzbCBUZXN0IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+H
Vv78ibopQ0tO4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqr
Id240xxuWLjK6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeox0wGzAMBgNV
HRMEBTADAQH/MAsGA1UdDwQEAwICBDAKBggqhkjOPQQDAgNoADBlAjBwsfyYiZB6
PpDgIbYRbZ4VT9GGFNE3L4C1IH8RNwzvywLvQfVp3ocRAkzEoRpmKAsCMQDOGm48
d7zKl7IzmBuOWXYlukWDDWwpNI67z7g0JawfypKIxcPTZFiQXVtDdTdkrGY=
-----END CERTIFICATE-----

4
tests/data_files/test-ca2.ku-crt.crt.openssl.v3_ext Normal file
View File

@ -0,0 +1,4 @@
basicConstraints = CA:true
subjectKeyIdentifier=none
keyUsage = keyCertSign

20
tests/data_files/test-ca2.ku-crt_crl.crt
View File

@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBzDCCAVOgAwIBAgIJAPejOupCJS65MAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
QyBDQTAeFw0xNDA0MDkxMTIyMjVaFw0yNDA0MDYxMTIyMjVaMD4xCzAJBgNVBAYT
Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqMdMBswDAYDVR0TBAUwAwEB/zAL
BgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDZwAwZAIwMKLVXB4YBQ0Ha4dEvFPcJtau
TS5Vd4UqG3xQ10YcJogweuqaGHSFgdnEUfoX+4p5AjApMnYXFfUjSmlyfJmTaswO
gaR5sUnnw33NA9j1ercem3asCYz6a8T0zo8/rR33XVU=
MIIB2TCCAV6gAwIBAgIUd5f42F4ahjkx9AIN035pcF4WFikwCgYIKoZIzj0EAwIw
PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
cnNzbCBUZXN0IEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1ow
PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
cnNzbCBUZXN0IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+H
Vv78ibopQ0tO4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqr
Id240xxuWLjK6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeox0wGzAMBgNV
HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNpADBmAjEA6IUvQwSw
vEkHjU9YNsPcUsJf0UTHUW1T8mNbgk+zCl6fzeU73oCXH6zoi5q6vLgjAjEAv63C
xknmJJ4H3Zlc+O5GlcX9VQNZDn1xV7hf2yW1Gf7wLTnSWTf5bXATaIQ6QLO1
-----END CERTIFICATE-----

4
tests/data_files/test-ca2.ku-crt_crl.crt.openssl.v3_ext Normal file
View File

@ -0,0 +1,4 @@
basicConstraints = CA:true
subjectKeyIdentifier=none
keyUsage = keyCertSign, cRLSign

20
tests/data_files/test-ca2.ku-ds.crt
View File

@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBzDCCAVOgAwIBAgIJAPOkPR3wsvm5MAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
QyBDQTAeFw0xNDA0MDkxMTI0MTNaFw0yNDA0MDYxMTI0MTNaMD4xCzAJBgNVBAYT
Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqMdMBswDAYDVR0TBAUwAwEB/zAL
BgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDZwAwZAIwGRCmU/rWNjW13g8ITuq3pMXb
jgwTFJHVlbMDiFJwUrRvytPV9doJOfzJ8nAQ0cZ1AjAbJ8QAV2e+DmYZpWc/p6Ug
nQdac59ev+lH+ju6wET3jNDjUthUPrdgqa54+UWQ5r4=
MIIB2TCCAV6gAwIBAgIUb5xsO6FEmAz+XpGFHpW7ODFvup0wCgYIKoZIzj0EAwIw
PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
cnNzbCBUZXN0IEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1ow
PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
cnNzbCBUZXN0IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+H
Vv78ibopQ0tO4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqr
Id240xxuWLjK6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeox0wGzAMBgNV
HRMEBTADAQH/MAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEA44HVvGYv
meA3SpaNJmubLKjsQlGNnEUUo1IO0NBP5yWG0dRFkX8NQ0bzH/1n6FJcAjEAm9wj
xdmEPUr6PY54c0IQJNeeF76L1/+EszXrSDQ7TLv1YC4d4uMNmqwR9EGuUX+/
-----END CERTIFICATE-----

4
tests/data_files/test-ca2.ku-ds.crt.openssl.v3_ext Normal file
View File

@ -0,0 +1,4 @@
basicConstraints = CA:true
subjectKeyIdentifier=none
keyUsage = digitalSignature

3
tests/include/test/drivers/config_test_driver.h
View File

@ -53,7 +53,4 @@
//#define MBEDTLS_PEM_PARSE_C
//#define MBEDTLS_BASE64_C
#include "mbedtls/config_psa.h"
#include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */

92
tests/include/test/macros.h
View File

@ -61,6 +61,16 @@
} \
} while (0)
/** This macro asserts fails the test with given output message.
*
* \param MESSAGE The message to be outputed on assertion
*/
#define TEST_FAIL(MESSAGE) \
do { \
mbedtls_test_fail(MESSAGE, __LINE__, __FILE__); \
goto exit; \
} while (0)
/** Evaluate two integer expressions and fail the test case if they have
* different values.
*
@ -73,7 +83,7 @@
#define TEST_EQUAL(expr1, expr2) \
do { \
if (!mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \
expr1, expr2)) \
(unsigned long long) (expr1), (unsigned long long) (expr2))) \
goto exit; \
} while (0)
@ -107,52 +117,52 @@
* The allocated memory will be filled with zeros.
*
* You must set \p pointer to \c NULL before calling this macro and
* put `mbedtls_free( pointer )` in the test's cleanup code.
* put `mbedtls_free(pointer)` in the test's cleanup code.
*
* If \p length is zero, the resulting \p pointer will be \c NULL.
* If \p item_count is zero, the resulting \p pointer will be \c NULL.
* This is usually what we want in tests since API functions are
* supposed to accept null pointers when a buffer size is zero.
*
* This macro expands to an instruction, not an expression.
* It may jump to the \c exit label.
*
* \param pointer An lvalue where the address of the allocated buffer
* will be stored.
* This expression may be evaluated multiple times.
* \param length Number of elements to allocate.
* This expression may be evaluated multiple times.
* \param pointer An lvalue where the address of the allocated buffer
* will be stored.
* This expression may be evaluated multiple times.
* \param item_count Number of elements to allocate.
* This expression may be evaluated multiple times.
*
*/
#define ASSERT_ALLOC(pointer, length) \
do \
{ \
TEST_ASSERT((pointer) == NULL); \
if ((length) != 0) \
{ \
(pointer) = mbedtls_calloc(sizeof(*(pointer)), \
(length)); \
TEST_ASSERT((pointer) != NULL); \
} \
} \
while (0)
#define TEST_CALLOC(pointer, item_count) \
do { \
TEST_ASSERT((pointer) == NULL); \
if ((item_count) != 0) { \
(pointer) = mbedtls_calloc(sizeof(*(pointer)), \
(item_count)); \
TEST_ASSERT((pointer) != NULL); \
} \
} while (0)
/* For backwards compatibility */
#define ASSERT_ALLOC(pointer, item_count) TEST_CALLOC(pointer, item_count)
/** Allocate memory dynamically. If the allocation fails, skip the test case.
*
* This macro behaves like #ASSERT_ALLOC, except that if the allocation
* This macro behaves like #TEST_CALLOC, except that if the allocation
* fails, it marks the test as skipped rather than failed.
*/
#define ASSERT_ALLOC_WEAK(pointer, length) \
do \
{ \
TEST_ASSERT((pointer) == NULL); \
if ((length) != 0) \
{ \
(pointer) = mbedtls_calloc(sizeof(*(pointer)), \
(length)); \
TEST_ASSUME((pointer) != NULL); \
} \
} \
while (0)
#define TEST_CALLOC_OR_SKIP(pointer, item_count) \
do { \
TEST_ASSERT((pointer) == NULL); \
if ((item_count) != 0) { \
(pointer) = mbedtls_calloc(sizeof(*(pointer)), \
(item_count)); \
TEST_ASSUME((pointer) != NULL); \
} \
} while (0)
/* For backwards compatibility */
#define ASSERT_ALLOC_WEAK(pointer, item_count) TEST_CALLOC_OR_SKIP(pointer, item_count)
/** Compare two buffers and fail the test case if they differ.
*
@ -166,14 +176,16 @@
* \param size2 Size of the second buffer in bytes.
* This expression may be evaluated multiple times.
*/
#define ASSERT_COMPARE(p1, size1, p2, size2) \
do \
{ \
#define TEST_MEMORY_COMPARE(p1, size1, p2, size2) \
do { \
TEST_EQUAL((size1), (size2)); \
if ((size1) != 0) \
TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0); \
} \
while (0)
if ((size1) != 0) { \
TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0); \
} \
} while (0)
/* For backwards compatibility */
#define ASSERT_COMPARE(p1, size1, p2, size2) TEST_MEMORY_COMPARE(p1, size1, p2, size2)
/**
* \brief This macro tests the expression passed to it and skips the

35
tests/include/test/psa_crypto_helpers.h
View File

@ -208,6 +208,41 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags)
*/
int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename);
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
* functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
* and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions
* is to read and write from the entropy seed file, which is located
* in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID.
* (These could have been provided as library functions, but for historical
* reasons, they weren't, and so each integrator has to provide a copy
* of these functions.)
*
* Provide implementations of these functions for testing. */
int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
/** Make sure that the injected entropy is present.
*
* When MBEDTLS_PSA_INJECT_ENTROPY is enabled, psa_crypto_init()
* will fail if the PSA entropy seed is not present.
* This function must be called at least once in a test suite or other
* program before any call to psa_crypto_init().
* It does not need to be called in each test case.
*
* The test framework calls this function before running any test case.
*
* The few tests that might remove the entropy file must call this function
* in their cleanup.
*/
int mbedtls_test_inject_entropy_restore(void);
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
/** Skip a test case if the given key is a 192 bits AES key and the AES
* implementation is at least partially provided by an accelerator or
* alternative implementation.

678
tests/scripts/all.sh
View File

File diff suppressed because it is too large Load Diff

138
tests/scripts/analyze_outcomes.py
View File

@ -73,15 +73,22 @@ def execute_reference_driver_tests(ref_component, driver_component, outcome_file
Results.log("Error: failed to run reference/driver components")
sys.exit(ret_val)
def analyze_coverage(results, outcomes):
def analyze_coverage(results, outcomes, allow_list, full_coverage):
"""Check that all available test cases are executed at least once."""
available = check_test_cases.collect_available_test_cases()
for key in available:
hits = outcomes[key].hits() if key in outcomes else 0
if hits == 0:
# Make this a warning, not an error, as long as we haven't
# fixed this branch to have full coverage of test cases.
results.warning('Test case not executed: {}', key)
if hits == 0 and key not in allow_list:
if full_coverage:
results.error('Test case not executed: {}', key)
else:
results.warning('Test case not executed: {}', key)
elif hits != 0 and key in allow_list:
# Test Case should be removed from the allow list.
if full_coverage:
results.error('Allow listed test case was executed: {}', key)
else:
results.warning('Allow listed test case was executed: {}', key)
def analyze_driver_vs_reference(outcomes, component_ref, component_driver,
ignored_suites, ignored_test=None):
@ -122,10 +129,11 @@ def analyze_driver_vs_reference(outcomes, component_ref, component_driver,
result = False
return result
def analyze_outcomes(outcomes):
def analyze_outcomes(outcomes, args):
"""Run all analyses on the given outcome collection."""
results = Results()
analyze_coverage(results, outcomes)
analyze_coverage(results, outcomes, args['allow_list'],
args['full_coverage'])
return results
def read_outcome_file(outcome_file):
@ -151,10 +159,9 @@ by a semicolon.
def do_analyze_coverage(outcome_file, args):
"""Perform coverage analysis."""
del args # unused
outcomes = read_outcome_file(outcome_file)
Results.log("\n*** Analyze coverage ***\n")
results = analyze_outcomes(outcomes)
results = analyze_outcomes(outcomes, args)
return results.error_count == 0
def do_analyze_driver_vs_reference(outcome_file, args):
@ -175,8 +182,16 @@ def do_analyze_driver_vs_reference(outcome_file, args):
TASKS = {
'analyze_coverage': {
'test_function': do_analyze_coverage,
'args': {}
},
'args': {
'allow_list': [
# Algorithm not supported yet
'test_suite_psa_crypto_metadata;Asymmetric signature: pure EdDSA',
# Algorithm not supported yet
'test_suite_psa_crypto_metadata;Cipher: XTS',
],
'full_coverage': False,
}
},
# There are 2 options to use analyze_driver_vs_reference_xxx locally:
# 1. Run tests and then analysis:
# - tests/scripts/all.sh --outcome-file "$PWD/out.csv" <component_ref> <component_driver>
@ -310,6 +325,99 @@ TASKS = {
}
}
},
'analyze_driver_vs_reference_no_bignum': {
'test_function': do_analyze_driver_vs_reference,
'args': {
'component_ref': 'test_psa_crypto_config_reference_ecc_no_bignum',
'component_driver': 'test_psa_crypto_config_accel_ecc_no_bignum',
'ignored_suites': [
# Ignore test suites for the modules that are disabled in the
# accelerated test case.
'ecp',
'ecdsa',
'ecdh',
'ecjpake',
'bignum_core',
'bignum_random',
'bignum_mod',
'bignum_mod_raw',
'bignum.generated',
'bignum.misc',
],
'ignored_tests': {
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
'test_suite_psa_crypto': [
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
],
'test_suite_pkparse': [
# See the description provided above in the
# analyze_driver_vs_reference_no_ecp_at_all component.
'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
],
'test_suite_asn1parse': [
# This test depends on BIGNUM_C
'INTEGER too large for mpi',
],
'test_suite_asn1write': [
# Following tests depends on BIGNUM_C
'ASN.1 Write mpi 0 (1 limb)',
'ASN.1 Write mpi 0 (null)',
'ASN.1 Write mpi 0x100',
'ASN.1 Write mpi 0x7f',
'ASN.1 Write mpi 0x7f with leading 0 limb',
'ASN.1 Write mpi 0x80',
'ASN.1 Write mpi 0x80 with leading 0 limb',
'ASN.1 Write mpi 0xff',
'ASN.1 Write mpi 1',
'ASN.1 Write mpi, 127*8 bits',
'ASN.1 Write mpi, 127*8+1 bits',
'ASN.1 Write mpi, 127*8-1 bits',
'ASN.1 Write mpi, 255*8 bits',
'ASN.1 Write mpi, 255*8-1 bits',
'ASN.1 Write mpi, 256*8-1 bits',
],
'test_suite_debug': [
# Following tests depends on BIGNUM_C
'Debug print mbedtls_mpi #2: 3 bits',
'Debug print mbedtls_mpi: 0 (empty representation)',
'Debug print mbedtls_mpi: 0 (non-empty representation)',
'Debug print mbedtls_mpi: 49 bits',
'Debug print mbedtls_mpi: 759 bits',
'Debug print mbedtls_mpi: 764 bits #1',
'Debug print mbedtls_mpi: 764 bits #2',
],
}
}
},
'analyze_driver_vs_reference_ffdh_alg': {
'test_function': do_analyze_driver_vs_reference,
'args': {
@ -333,6 +441,11 @@ def main():
'comma/space-separated list of tasks. ')
parser.add_argument('--list', action='store_true',
help='List all available tasks and exit.')
parser.add_argument('--require-full-coverage', action='store_true',
dest='full_coverage', help="Require all available "
"test cases to be executed and issue an error "
"otherwise. This flag is ignored if 'task' is "
"neither 'all' nor 'analyze_coverage'")
options = parser.parse_args()
if options.list:
@ -352,6 +465,9 @@ def main():
Results.log('Error: invalid task: {}'.format(task))
sys.exit(1)
TASKS['analyze_coverage']['args']['full_coverage'] = \
options.full_coverage
for task in TASKS:
if task in tasks:
if not TASKS[task]['test_function'](options.outcomes, TASKS[task]['args']):

36
tests/scripts/audit-validity-dates.py
View File

@ -24,7 +24,6 @@ from tests/data_files/ and tests/suites/*.data files by default.
"""
import os
import sys
import re
import typing
import argparse
@ -43,6 +42,7 @@ from generate_test_code import FileWrapper
import scripts_path # pylint: disable=unused-import
from mbedtls_dev import build_tree
from mbedtls_dev import logging_util
def check_cryptography_version():
match = re.match(r'^[0-9]+', cryptography.__version__)
@ -393,38 +393,6 @@ def list_all(audit_data: AuditData):
loc))
def configure_logger(logger: logging.Logger) -> None:
"""
Configure the logging.Logger instance so that:
- Format is set to "[%(levelname)s]: %(message)s".
- loglevel >= WARNING are printed to stderr.
- loglevel < WARNING are printed to stdout.
"""
class MaxLevelFilter(logging.Filter):
# pylint: disable=too-few-public-methods
def __init__(self, max_level, name=''):
super().__init__(name)
self.max_level = max_level
def filter(self, record: logging.LogRecord) -> bool:
return record.levelno <= self.max_level
log_formatter = logging.Formatter("[%(levelname)s]: %(message)s")
# set loglevel >= WARNING to be printed to stderr
stderr_hdlr = logging.StreamHandler(sys.stderr)
stderr_hdlr.setLevel(logging.WARNING)
stderr_hdlr.setFormatter(log_formatter)
# set loglevel <= INFO to be printed to stdout
stdout_hdlr = logging.StreamHandler(sys.stdout)
stdout_hdlr.addFilter(MaxLevelFilter(logging.INFO))
stdout_hdlr.setFormatter(log_formatter)
logger.addHandler(stderr_hdlr)
logger.addHandler(stdout_hdlr)
def main():
"""
Perform argument parsing.
@ -457,7 +425,7 @@ def main():
# start main routine
# setup logger
logger = logging.getLogger()
configure_logger(logger)
logging_util.configure_logger(logger)
logger.setLevel(logging.DEBUG if args.verbose else logging.ERROR)
td_auditor = TestDataAuditor(logger)

235
tests/scripts/generate_psa_tests.py
View File

@ -26,157 +26,15 @@ import sys
from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional
import scripts_path # pylint: disable=unused-import
from mbedtls_dev import crypto_data_tests
from mbedtls_dev import crypto_knowledge
from mbedtls_dev import macro_collector
from mbedtls_dev import macro_collector #pylint: disable=unused-import
from mbedtls_dev import psa_information
from mbedtls_dev import psa_storage
from mbedtls_dev import test_case
from mbedtls_dev import test_data_generation
def psa_want_symbol(name: str) -> str:
"""Return the PSA_WANT_xxx symbol associated with a PSA crypto feature."""
if name.startswith('PSA_'):
return name[:4] + 'WANT_' + name[4:]
else:
raise ValueError('Unable to determine the PSA_WANT_ symbol for ' + name)
def finish_family_dependency(dep: str, bits: int) -> str:
"""Finish dep if it's a family dependency symbol prefix.
A family dependency symbol prefix is a PSA_WANT_ symbol that needs to be
qualified by the key size. If dep is such a symbol, finish it by adjusting
the prefix and appending the key size. Other symbols are left unchanged.
"""
return re.sub(r'_FAMILY_(.*)', r'_\1_' + str(bits), dep)
def finish_family_dependencies(dependencies: List[str], bits: int) -> List[str]:
"""Finish any family dependency symbol prefixes.
Apply `finish_family_dependency` to each element of `dependencies`.
"""
return [finish_family_dependency(dep, bits) for dep in dependencies]
SYMBOLS_WITHOUT_DEPENDENCY = frozenset([
'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies
'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier
'PSA_ALG_ANY_HASH', # only in policies
'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies
'PSA_ALG_KEY_AGREEMENT', # chaining
'PSA_ALG_TRUNCATED_MAC', # modifier
])
def automatic_dependencies(*expressions: str) -> List[str]:
"""Infer dependencies of a test case by looking for PSA_xxx symbols.
The arguments are strings which should be C expressions. Do not use
string literals or comments as this function is not smart enough to
skip them.
"""
used = set()
for expr in expressions:
used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr))
used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
return sorted(psa_want_symbol(name) for name in used)
# Define set of regular expressions and dependencies to optionally append
# extra dependencies for test case.
AES_128BIT_ONLY_DEP_REGEX = r'AES\s(192|256)'
AES_128BIT_ONLY_DEP = ["!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"]
DEPENDENCY_FROM_KEY = {
AES_128BIT_ONLY_DEP_REGEX: AES_128BIT_ONLY_DEP
}#type: Dict[str, List[str]]
def generate_key_dependencies(description: str) -> List[str]:
"""Return additional dependencies based on pairs of REGEX and dependencies.
"""
deps = []
for regex, dep in DEPENDENCY_FROM_KEY.items():
if re.search(regex, description):
deps += dep
return deps
# A temporary hack: at the time of writing, not all dependency symbols
# are implemented yet. Skip test cases for which the dependency symbols are
# not available. Once all dependency symbols are available, this hack must
# be removed so that a bug in the dependency symbols properly leads to a test
# failure.
def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
return frozenset(symbol
for line in open(filename)
for symbol in re.findall(r'\bPSA_WANT_\w+\b', line))
_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name
def hack_dependencies_not_implemented(dependencies: List[str]) -> None:
global _implemented_dependencies #pylint: disable=global-statement,invalid-name
if _implemented_dependencies is None:
_implemented_dependencies = \
read_implemented_dependencies('include/psa/crypto_config.h')
if not all((dep.lstrip('!') in _implemented_dependencies or
'PSA_WANT' not in dep)
for dep in dependencies):
dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET')
def tweak_key_pair_dependency(dep: str, usage: str):
"""
This helper function add the proper suffix to PSA_WANT_KEY_TYPE_xxx_KEY_PAIR
symbols according to the required usage.
"""
ret_list = list()
# Note: this LEGACY replacement for RSA is temporary and it's going to be
# aligned with ECC one in #7772.
if dep.endswith('RSA_KEY_PAIR'):
ret_list.append(re.sub(r'RSA_KEY_PAIR\Z', r'RSA_KEY_PAIR_LEGACY', dep))
elif dep.endswith('ECC_KEY_PAIR'):
if usage == "BASIC":
# BASIC automatically includes IMPORT and EXPORT for test purposes (see
# config_psa.h).
ret_list.append(re.sub(r'ECC_KEY_PAIR', r'ECC_KEY_PAIR_BASIC', dep))
ret_list.append(re.sub(r'ECC_KEY_PAIR', r'ECC_KEY_PAIR_IMPORT', dep))
ret_list.append(re.sub(r'ECC_KEY_PAIR', r'ECC_KEY_PAIR_EXPORT', dep))
elif usage == "GENERATE":
ret_list.append(re.sub(r'ECC_KEY_PAIR', r'ECC_KEY_PAIR_GENERATE', dep))
else:
# No replacement to do in this case
ret_list.append(dep)
return ret_list
def fix_key_pair_dependencies(dep_list: List[str], usage: str):
new_list = [new_deps
for dep in dep_list
for new_deps in tweak_key_pair_dependency(dep, usage)]
return new_list
class Information:
"""Gather information about PSA constructors."""
def __init__(self) -> None:
self.constructors = self.read_psa_interface()
@staticmethod
def remove_unwanted_macros(
constructors: macro_collector.PSAMacroEnumerator
) -> None:
# Mbed TLS doesn't support finite-field DH yet and will not support
# finite-field DSA. Don't attempt to generate any related test case.
constructors.key_types.discard('PSA_KEY_TYPE_DH_KEY_PAIR')
constructors.key_types.discard('PSA_KEY_TYPE_DH_PUBLIC_KEY')
constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY')
def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator:
"""Return the list of known key types, algorithms, etc."""
constructors = macro_collector.InputsForTest()
header_file_names = ['include/psa/crypto_values.h',
'include/psa/crypto_extra.h']
test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
for header_file_name in header_file_names:
constructors.parse_header(header_file_name)
for test_cases in test_suites:
constructors.parse_test_cases(test_cases)
self.remove_unwanted_macros(constructors)
constructors.gather_arguments()
return constructors
def test_case_for_key_type_not_supported(
verb: str, key_type: str, bits: int,
@ -187,7 +45,7 @@ def test_case_for_key_type_not_supported(
"""Return one test case exercising a key creation method
for an unsupported key type or size.
"""
hack_dependencies_not_implemented(dependencies)
psa_information.hack_dependencies_not_implemented(dependencies)
tc = test_case.TestCase()
short_key_type = crypto_knowledge.short_expression(key_type)
adverb = 'not' if dependencies else 'never'
@ -203,7 +61,7 @@ def test_case_for_key_type_not_supported(
class KeyTypeNotSupported:
"""Generate test cases for when a key type is not supported."""
def __init__(self, info: Information) -> None:
def __init__(self, info: psa_information.Information) -> None:
self.constructors = info.constructors
ALWAYS_SUPPORTED = frozenset([
@ -230,20 +88,22 @@ class KeyTypeNotSupported:
# They would be skipped in all configurations, which is noise.
return
import_dependencies = [('!' if param is None else '') +
psa_want_symbol(kt.name)]
psa_information.psa_want_symbol(kt.name)]
if kt.params is not None:
import_dependencies += [('!' if param == i else '') +
psa_want_symbol(sym)
psa_information.psa_want_symbol(sym)
for i, sym in enumerate(kt.params)]
if kt.name.endswith('_PUBLIC_KEY'):
generate_dependencies = []
else:
generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE')
import_dependencies = fix_key_pair_dependencies(import_dependencies, 'BASIC')
generate_dependencies = \
psa_information.fix_key_pair_dependencies(import_dependencies, 'GENERATE')
import_dependencies = \
psa_information.fix_key_pair_dependencies(import_dependencies, 'BASIC')
for bits in kt.sizes_to_test():
yield test_case_for_key_type_not_supported(
'import', kt.expression, bits,
finish_family_dependencies(import_dependencies, bits),
psa_information.finish_family_dependencies(import_dependencies, bits),
test_case.hex_string(kt.key_material(bits)),
param_descr=param_descr,
)
@ -257,7 +117,7 @@ class KeyTypeNotSupported:
if not kt.is_public():
yield test_case_for_key_type_not_supported(
'generate', kt.expression, bits,
finish_family_dependencies(generate_dependencies, bits),
psa_information.finish_family_dependencies(generate_dependencies, bits),
str(bits),
param_descr=param_descr,
)
@ -265,12 +125,16 @@ class KeyTypeNotSupported:
ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
DH_KEY_TYPES = ('PSA_KEY_TYPE_DH_KEY_PAIR',
'PSA_KEY_TYPE_DH_PUBLIC_KEY')
def test_cases_for_not_supported(self) -> Iterator[test_case.TestCase]:
"""Generate test cases that exercise the creation of keys of unsupported types."""
for key_type in sorted(self.constructors.key_types):
if key_type in self.ECC_KEY_TYPES:
continue
if key_type in self.DH_KEY_TYPES:
continue
kt = crypto_knowledge.KeyType(key_type)
yield from self.test_cases_for_key_type_not_supported(kt)
for curve_family in sorted(self.constructors.ecc_curves):
@ -280,6 +144,13 @@ class KeyTypeNotSupported:
kt, param_descr='type')
yield from self.test_cases_for_key_type_not_supported(
kt, 0, param_descr='curve')
for dh_family in sorted(self.constructors.dh_groups):
for constr in self.DH_KEY_TYPES:
kt = crypto_knowledge.KeyType(constr, [dh_family])
yield from self.test_cases_for_key_type_not_supported(
kt, param_descr='type')
yield from self.test_cases_for_key_type_not_supported(
kt, 0, param_descr='group')
def test_case_for_key_generation(
key_type: str, bits: int,
@ -289,7 +160,7 @@ def test_case_for_key_generation(
) -> test_case.TestCase:
"""Return one test case exercising a key generation.
"""
hack_dependencies_not_implemented(dependencies)
psa_information.hack_dependencies_not_implemented(dependencies)
tc = test_case.TestCase()
short_key_type = crypto_knowledge.short_expression(key_type)
tc.set_description('PSA {} {}-bit'
@ -303,11 +174,13 @@ def test_case_for_key_generation(
class KeyGenerate:
"""Generate positive and negative (invalid argument) test cases for key generation."""
def __init__(self, info: Information) -> None:
def __init__(self, info: psa_information.Information) -> None:
self.constructors = info.constructors
ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
DH_KEY_TYPES = ('PSA_KEY_TYPE_DH_KEY_PAIR',
'PSA_KEY_TYPE_DH_PUBLIC_KEY')
@staticmethod
def test_cases_for_key_type_key_generation(
@ -320,9 +193,9 @@ class KeyGenerate:
"""
result = 'PSA_SUCCESS'
import_dependencies = [psa_want_symbol(kt.name)]
import_dependencies = [psa_information.psa_want_symbol(kt.name)]
if kt.params is not None:
import_dependencies += [psa_want_symbol(sym)
import_dependencies += [psa_information.psa_want_symbol(sym)
for i, sym in enumerate(kt.params)]
if kt.name.endswith('_PUBLIC_KEY'):
# The library checks whether the key type is a public key generically,
@ -331,11 +204,17 @@ class KeyGenerate:
generate_dependencies = []
result = 'PSA_ERROR_INVALID_ARGUMENT'
else:
generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE')
generate_dependencies = \
psa_information.fix_key_pair_dependencies(import_dependencies, 'GENERATE')
for bits in kt.sizes_to_test():
if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
size_dependency = "PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= " + str(bits)
test_dependencies = generate_dependencies + [size_dependency]
else:
test_dependencies = generate_dependencies
yield test_case_for_key_generation(
kt.expression, bits,
finish_family_dependencies(generate_dependencies, bits),
psa_information.finish_family_dependencies(test_dependencies, bits),
str(bits),
result
)
@ -345,12 +224,18 @@ class KeyGenerate:
for key_type in sorted(self.constructors.key_types):
if key_type in self.ECC_KEY_TYPES:
continue
if key_type in self.DH_KEY_TYPES:
continue
kt = crypto_knowledge.KeyType(key_type)
yield from self.test_cases_for_key_type_key_generation(kt)
for curve_family in sorted(self.constructors.ecc_curves):
for constr in self.ECC_KEY_TYPES:
kt = crypto_knowledge.KeyType(constr, [curve_family])
yield from self.test_cases_for_key_type_key_generation(kt)
for dh_family in sorted(self.constructors.dh_groups):
for constr in self.DH_KEY_TYPES:
kt = crypto_knowledge.KeyType(constr, [dh_family])
yield from self.test_cases_for_key_type_key_generation(kt)
class OpFail:
"""Generate test cases for operations that must fail."""
@ -362,7 +247,7 @@ class OpFail:
INCOMPATIBLE = 2
PUBLIC = 3
def __init__(self, info: Information) -> None:
def __init__(self, info: psa_information.Information) -> None:
self.constructors = info.constructors
key_type_expressions = self.constructors.generate_expressions(
sorted(self.constructors.key_types)
@ -399,8 +284,8 @@ class OpFail:
pretty_alg,
pretty_reason,
' with ' + pretty_type if pretty_type else ''))
dependencies = automatic_dependencies(alg.base_expression, key_type)
dependencies = fix_key_pair_dependencies(dependencies, 'BASIC')
dependencies = psa_information.automatic_dependencies(alg.base_expression, key_type)
dependencies = psa_information.fix_key_pair_dependencies(dependencies, 'BASIC')
for i, dep in enumerate(dependencies):
if dep in not_deps:
dependencies[i] = '!' + dep
@ -427,7 +312,7 @@ class OpFail:
"""Generate failure test cases for keyless operations with the specified algorithm."""
if alg.can_do(category):
# Compatible operation, unsupported algorithm
for dep in automatic_dependencies(alg.base_expression):
for dep in psa_information.automatic_dependencies(alg.base_expression):
yield self.make_test_case(alg, category,
self.Reason.NOT_SUPPORTED,
not_deps=frozenset([dep]))
@ -445,7 +330,7 @@ class OpFail:
key_is_compatible = kt.can_do(alg)
if key_is_compatible and alg.can_do(category):
# Compatible key and operation, unsupported algorithm
for dep in automatic_dependencies(alg.base_expression):
for dep in psa_information.automatic_dependencies(alg.base_expression):
yield self.make_test_case(alg, category,
self.Reason.NOT_SUPPORTED,
kt=kt, not_deps=frozenset([dep]))
@ -551,7 +436,7 @@ class StorageTestData(StorageKey):
class StorageFormat:
"""Storage format stability test cases."""
def __init__(self, info: Information, version: int, forward: bool) -> None:
def __init__(self, info: psa_information.Information, version: int, forward: bool) -> None:
"""Prepare to generate test cases for storage format stability.
* `info`: information about the API. See the `Information` class.
@ -618,13 +503,13 @@ class StorageFormat:
verb = 'save' if self.forward else 'read'
tc = test_case.TestCase()
tc.set_description(verb + ' ' + key.description)
dependencies = automatic_dependencies(
dependencies = psa_information.automatic_dependencies(
key.lifetime.string, key.type.string,
key.alg.string, key.alg2.string,
)
dependencies = finish_family_dependencies(dependencies, key.bits)
dependencies += generate_key_dependencies(key.description)
dependencies = fix_key_pair_dependencies(dependencies, 'BASIC')
dependencies = psa_information.finish_family_dependencies(dependencies, key.bits)
dependencies += psa_information.generate_key_dependencies(key.description)
dependencies = psa_information.fix_key_pair_dependencies(dependencies, 'BASIC')
tc.set_dependencies(dependencies)
tc.set_function('key_storage_' + verb)
if self.forward:
@ -829,13 +714,13 @@ class StorageFormat:
class StorageFormatForward(StorageFormat):
"""Storage format stability test cases for forward compatibility."""
def __init__(self, info: Information, version: int) -> None:
def __init__(self, info: psa_information.Information, version: int) -> None:
super().__init__(info, version, True)
class StorageFormatV0(StorageFormat):
"""Storage format stability test cases for version 0 compatibility."""
def __init__(self, info: Information) -> None:
def __init__(self, info: psa_information.Information) -> None:
super().__init__(info, 0, False)
def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
@ -945,6 +830,7 @@ class StorageFormatV0(StorageFormat):
yield from super().generate_all_keys()
yield from self.all_keys_for_implicit_usage()
class PSATestGenerator(test_data_generation.TestGenerator):
"""Test generator subclass including PSA targets and info."""
# Note that targets whose names contain 'test_format' have their content
@ -954,20 +840,23 @@ class PSATestGenerator(test_data_generation.TestGenerator):
lambda info: KeyGenerate(info).test_cases_for_key_generation(),
'test_suite_psa_crypto_not_supported.generated':
lambda info: KeyTypeNotSupported(info).test_cases_for_not_supported(),
'test_suite_psa_crypto_low_hash.generated':
lambda info: crypto_data_tests.HashPSALowLevel(info).all_test_cases(),
'test_suite_psa_crypto_op_fail.generated':
lambda info: OpFail(info).all_test_cases(),
'test_suite_psa_crypto_storage_format.current':
lambda info: StorageFormatForward(info, 0).all_test_cases(),
'test_suite_psa_crypto_storage_format.v0':
lambda info: StorageFormatV0(info).all_test_cases(),
} #type: Dict[str, Callable[[Information], Iterable[test_case.TestCase]]]
} #type: Dict[str, Callable[[psa_information.Information], Iterable[test_case.TestCase]]]
def __init__(self, options):
super().__init__(options)
self.info = Information()
self.info = psa_information.Information()
def generate_target(self, name: str, *target_args) -> None:
super().generate_target(name, self.info)
if __name__ == '__main__':
test_data_generation.main(sys.argv[1:], __doc__, PSATestGenerator)

5
tests/scripts/generate_test_code.py
View File

@ -667,6 +667,11 @@ def parse_function_code(funcs_f, dependencies, suite_dependencies):
code = code.replace(name, 'test_' + name, 1)
name = 'test_' + name
# If a test function has no arguments then add 'void' argument to
# avoid "-Wstrict-prototypes" warnings from clang
if len(args) == 0:
code = code.replace('()', '(void)', 1)
for line in funcs_f:
if re.search(END_CASE_REGEX, line):
break

12
tests/scripts/test_generate_test_code.py
View File

@ -647,7 +647,7 @@ void func()
self.assertEqual(arg, [])
expected = '''#line 1 "test_suite_ut.function"
void test_func()
void test_func(void)
{
ba ba black sheep
have you any wool
@ -690,7 +690,7 @@ exit:
expected = '''#line 1 "test_suite_ut.function"
void test_func()
void test_func(void)
{
ba ba black sheep
have you any wool
@ -750,7 +750,7 @@ exit:
void
test_func()
test_func(void)
{
ba ba black sheep
have you any wool
@ -803,7 +803,7 @@ exit:
void test_func()
void test_func(void)
{
ba ba black sheep
have you any wool
@ -1139,7 +1139,7 @@ void func2()
#if defined(MBEDTLS_ENTROPY_NV_SEED)
#if defined(MBEDTLS_FS_IO)
#line 13 "test_suite_ut.function"
void test_func1()
void test_func1(void)
{
exit:
;
@ -1156,7 +1156,7 @@ void test_func1_wrapper( void ** params )
#if defined(MBEDTLS_ENTROPY_NV_SEED)
#if defined(MBEDTLS_FS_IO)
#line 19 "test_suite_ut.function"
void test_func2()
void test_func2(void)
{
exit:
;

2
tests/src/bignum_helpers.c
View File

@ -86,6 +86,7 @@ exit:
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_ECP_WITH_MPI_UINT)
int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N,
const char *s,
mbedtls_mpi_mod_rep_selector int_rep)
@ -122,6 +123,7 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N)
mbedtls_free((mbedtls_mpi_uint *) N->p);
mbedtls_mpi_mod_modulus_free(N);
}
#endif /* MBEDTLS_ECP_WITH_MPI_UINT */
int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s)
{

18
tests/src/drivers/test_driver_key_management.c
View File

@ -234,18 +234,18 @@ psa_status_t mbedtls_test_transparent_generate_key(
#endif
} else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY)
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
return libtestdriver1_mbedtls_psa_rsa_generate_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key, key_size, key_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY)
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
return mbedtls_psa_rsa_generate_key(
attributes, key, key_size, key_length);
#endif
} else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes))
&& PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR)
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE)
return libtestdriver1_mbedtls_psa_ffdh_generate_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key, key_size, key_length);
@ -307,14 +307,14 @@ psa_status_t mbedtls_test_transparent_import_key(
#endif
} else if (PSA_KEY_TYPE_IS_RSA(type)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
return libtestdriver1_mbedtls_psa_rsa_import_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
return mbedtls_psa_rsa_import_key(
attributes,
@ -426,7 +426,7 @@ psa_status_t mbedtls_test_opaque_import_key(
data, data_length,
key_buffer_temp, key_buffer_size,
key_buffer_length, bits);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
status = mbedtls_psa_rsa_import_key(
attributes,
@ -576,13 +576,13 @@ psa_status_t mbedtls_test_transparent_export_public_key(
#endif
} else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
return libtestdriver1_mbedtls_psa_rsa_export_public_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
data, data_size, data_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
return mbedtls_psa_rsa_export_public_key(
attributes,
@ -660,7 +660,7 @@ psa_status_t mbedtls_test_opaque_export_public_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer_temp, *data_length,
data, data_size, data_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
status = mbedtls_psa_rsa_export_public_key(
attributes,

18
tests/src/helpers.c
View File

@ -20,6 +20,11 @@
#include <test/macros.h>
#include <string.h>
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
#include <psa/crypto.h>
#include <test/psa_crypto_helpers.h>
#endif
/*----------------------------------------------------------------------------*/
/* Static global variables */
@ -35,9 +40,22 @@ mbedtls_test_info_t mbedtls_test_info;
int mbedtls_test_platform_setup(void)
{
int ret = 0;
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
/* Make sure that injected entropy is present. Otherwise
* psa_crypto_init() will fail. This is not necessary for test suites
* that don't use PSA, but it's harmless (except for leaving a file
* behind). */
ret = mbedtls_test_inject_entropy_restore();
if (ret != 0) {
return ret;
}
#endif
#if defined(MBEDTLS_PLATFORM_C)
ret = mbedtls_platform_setup(&platform_ctx);
#endif /* MBEDTLS_PLATFORM_C */
return ret;
}

45
tests/src/psa_crypto_helpers.c
View File

@ -149,4 +149,49 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename)
}
}
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
#include <mbedtls/entropy.h>
#include <psa_crypto_its.h>
int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len)
{
size_t actual_len = 0;
psa_status_t status = psa_its_get(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
0, len, buf, &actual_len);
if (status != 0) {
return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
}
if (actual_len != len) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
return 0;
}
int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len)
{
psa_status_t status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
len, buf, 0);
if (status != 0) {
return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
}
return 0;
}
int mbedtls_test_inject_entropy_restore(void)
{
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
for (size_t i = 0; i < sizeof(buf); i++) {
buf[i] = (unsigned char) i;
}
psa_status_t status = mbedtls_psa_inject_entropy(buf, sizeof(buf));
/* It's ok if the file was just created, or if it already exists. */
if (status != PSA_SUCCESS && status != PSA_ERROR_NOT_PERMITTED) {
return status;
}
return PSA_SUCCESS;
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
#endif /* MBEDTLS_PSA_CRYPTO_C */

18
tests/src/psa_exercise_key.c
View File

@ -309,7 +309,7 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key,
hash_alg = KNOWN_SUPPORTED_HASH_ALG;
alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
#else
TEST_ASSERT(!"No hash algorithm for hash-and-sign testing");
TEST_FAIL("No hash algorithm for hash-and-sign testing");
#endif
}
@ -438,7 +438,7 @@ int mbedtls_test_psa_setup_key_derivation_wrap(
PSA_KEY_DERIVATION_INPUT_LABEL,
input2, input2_length));
} else {
TEST_ASSERT(!"Key derivation algorithm not supported");
TEST_FAIL("Key derivation algorithm not supported");
}
if (capacity != SIZE_MAX) {
@ -506,7 +506,7 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self(
key_bits = psa_get_key_bits(&attributes);
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type);
public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits);
ASSERT_ALLOC(public_key, public_key_length);
TEST_CALLOC(public_key, public_key_length);
PSA_ASSERT(psa_export_public_key(key, public_key, public_key_length,
&public_key_length));
@ -548,7 +548,7 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
key_bits = psa_get_key_bits(&attributes);
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type);
public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits);
ASSERT_ALLOC(public_key, public_key_length);
TEST_CALLOC(public_key, public_key_length);
PSA_ASSERT(psa_export_public_key(key,
public_key, public_key_length,
&public_key_length));
@ -798,7 +798,7 @@ int mbedtls_test_psa_exported_key_sanity_check(
PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
} else {
(void) exported;
TEST_ASSERT(!"Sanity check not implemented for this key type");
TEST_FAIL("Sanity check not implemented for this key type");
}
#if defined(MBEDTLS_DES_C)
@ -838,7 +838,7 @@ static int exercise_export_key(mbedtls_svc_key_id_t key,
exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
psa_get_key_type(&attributes),
psa_get_key_bits(&attributes));
ASSERT_ALLOC(exported, exported_size);
TEST_CALLOC(exported, exported_size);
if ((usage & PSA_KEY_USAGE_EXPORT) == 0 &&
!PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) {
@ -881,7 +881,7 @@ static int exercise_export_public_key(mbedtls_svc_key_id_t key)
exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
psa_get_key_type(&attributes),
psa_get_key_bits(&attributes));
ASSERT_ALLOC(exported, exported_size);
TEST_CALLOC(exported, exported_size);
TEST_EQUAL(psa_export_public_key(key, exported,
exported_size, &exported_length),
@ -894,7 +894,7 @@ static int exercise_export_public_key(mbedtls_svc_key_id_t key)
psa_get_key_type(&attributes));
exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type,
psa_get_key_bits(&attributes));
ASSERT_ALLOC(exported, exported_size);
TEST_CALLOC(exported, exported_size);
PSA_ASSERT(psa_export_public_key(key,
exported, exported_size,
@ -943,7 +943,7 @@ int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key,
} else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) {
ok = exercise_key_agreement_key(key, usage, alg);
} else {
TEST_ASSERT(!"No code to exercise this category of algorithm");
TEST_FAIL("No code to exercise this category of algorithm");
}
ok = ok && exercise_export_key(key, usage);

2
tests/src/random.c
View File

@ -36,7 +36,7 @@
#include <string.h>
#include <mbedtls/entropy.h>
#include "../../library/alignment.h"
#include <alignment.h>
int mbedtls_test_rnd_std_rand(void *rng_state,
unsigned char *output,

22
tests/src/test_helpers/ssl_helpers.c
View File

@ -91,7 +91,7 @@ void mbedtls_test_init_handshake_options(
opts->resize_buffers = 1;
#if defined(MBEDTLS_SSL_CACHE_C)
opts->cache = NULL;
ASSERT_ALLOC(opts->cache, 1);
TEST_CALLOC(opts->cache, 1);
mbedtls_ssl_cache_init(opts->cache);
#if defined(MBEDTLS_HAVE_TIME)
TEST_EQUAL(mbedtls_ssl_cache_get_timeout(opts->cache),
@ -627,9 +627,9 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
}
cert = &(ep->cert);
ASSERT_ALLOC(cert->ca_cert, 1);
ASSERT_ALLOC(cert->cert, 1);
ASSERT_ALLOC(cert->pkey, 1);
TEST_CALLOC(cert->ca_cert, 1);
TEST_CALLOC(cert->cert, 1);
TEST_CALLOC(cert->pkey, 1);
mbedtls_x509_crt_init(cert->ca_cert);
mbedtls_x509_crt_init(cert->cert);
@ -1026,10 +1026,10 @@ static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher,
TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version);
if (conf->max_tls_version > ciphersuite_info->max_tls_version) {
conf->max_tls_version = ciphersuite_info->max_tls_version;
conf->max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version;
}
if (conf->min_tls_version < ciphersuite_info->min_tls_version) {
conf->min_tls_version = ciphersuite_info->min_tls_version;
conf->min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version;
}
mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite);
@ -1146,7 +1146,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
maclen = 0;
/* Pick cipher */
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type);
CHK(cipher_info != NULL);
CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16);
CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0);
@ -1204,10 +1204,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
if (cipher_info->mode == MBEDTLS_MODE_CBC ||
cipher_info->mode == MBEDTLS_MODE_STREAM) {
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type(hash_id);
mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id);
CHK(md_info != NULL);
#endif
maclen = mbedtls_md_get_size_from_type(hash_id);
maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id);
CHK(maclen != 0);
/* Pick hash keys */
CHK((md0 = mbedtls_calloc(1, maclen)) != NULL);
@ -1759,8 +1759,8 @@ static int check_ssl_version(
break;
default:
TEST_ASSERT(
!"Version check not implemented for this protocol version");
TEST_FAIL(
"Version check not implemented for this protocol version");
}
return 1;

7
tests/ssl-opt.sh
View File

@ -435,6 +435,13 @@ detect_required_features() {
;;
esac
case "$CMD_LINE" in
*server2*|\
*server7*)
# server2 and server7 certificates use RSA encryption
requires_config_enabled "MBEDTLS_RSA_C"
esac
unset tmp
}

28
tests/suites/test_suite_aes.function
View File

@ -38,13 +38,13 @@ static int test_copy(const data_t *key,
// Encrypt with copied context
TEST_ASSERT(mbedtls_aes_crypt_ecb(enc, MBEDTLS_AES_ENCRYPT,
plaintext, output) == 0);
ASSERT_COMPARE(ciphertext, 16, output, 16);
TEST_MEMORY_COMPARE(ciphertext, 16, output, 16);
mbedtls_aes_free(enc);
// Decrypt with copied context
TEST_ASSERT(mbedtls_aes_crypt_ecb(dec, MBEDTLS_AES_DECRYPT,
ciphertext, output) == 0);
ASSERT_COMPARE(plaintext, 16, output, 16);
TEST_MEMORY_COMPARE(plaintext, 16, output, 16);
mbedtls_aes_free(dec);
return 1;
@ -545,9 +545,9 @@ void aes_ecb_copy_context(data_t *key)
struct align1 *dec1 = NULL;
/* All peak alignment */
ASSERT_ALLOC(src0, 1);
ASSERT_ALLOC(enc0, 1);
ASSERT_ALLOC(dec0, 1);
TEST_CALLOC(src0, 1);
TEST_CALLOC(enc0, 1);
TEST_CALLOC(dec0, 1);
if (!test_copy(key, &src0->ctx, &enc0->ctx, &dec0->ctx)) {
goto exit;
}
@ -559,9 +559,9 @@ void aes_ecb_copy_context(data_t *key)
dec0 = NULL;
/* Original shifted */
ASSERT_ALLOC(src1, 1);
ASSERT_ALLOC(enc0, 1);
ASSERT_ALLOC(dec0, 1);
TEST_CALLOC(src1, 1);
TEST_CALLOC(enc0, 1);
TEST_CALLOC(dec0, 1);
if (!test_copy(key, &src1->ctx, &enc0->ctx, &dec0->ctx)) {
goto exit;
}
@ -573,9 +573,9 @@ void aes_ecb_copy_context(data_t *key)
dec0 = NULL;
/* Copies shifted */
ASSERT_ALLOC(src0, 1);
ASSERT_ALLOC(enc1, 1);
ASSERT_ALLOC(dec1, 1);
TEST_CALLOC(src0, 1);
TEST_CALLOC(enc1, 1);
TEST_CALLOC(dec1, 1);
if (!test_copy(key, &src0->ctx, &enc1->ctx, &dec1->ctx)) {
goto exit;
}
@ -587,9 +587,9 @@ void aes_ecb_copy_context(data_t *key)
dec1 = NULL;
/* Source and copies shifted */
ASSERT_ALLOC(src1, 1);
ASSERT_ALLOC(enc1, 1);
ASSERT_ALLOC(dec1, 1);
TEST_CALLOC(src1, 1);
TEST_CALLOC(enc1, 1);
TEST_CALLOC(dec1, 1);
if (!test_copy(key, &src1->ctx, &enc1->ctx, &dec1->ctx)) {
goto exit;
}

4
tests/suites/test_suite_alignment.function
View File

@ -1,5 +1,5 @@
/* BEGIN_HEADER */
#include "../library/alignment.h"
#include <alignment.h>
#include <stdint.h>
@ -121,7 +121,7 @@ void mbedtls_byteswap(char *input_str, int size, char *expected_str)
r = MBEDTLS_BSWAP64(input);
break;
default:
TEST_ASSERT(!"size must be 16, 32 or 64");
TEST_FAIL("size must be 16, 32 or 64");
}
TEST_EQUAL(r, expected);

32
tests/suites/test_suite_aria.function
View File

@ -77,8 +77,8 @@ void aria_encrypt_ecb(data_t *key_str, data_t *src_str,
output + i) == 0);
}
ASSERT_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
TEST_MEMORY_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
}
exit:
@ -105,8 +105,8 @@ void aria_decrypt_ecb(data_t *key_str, data_t *src_str,
output + i) == 0);
}
ASSERT_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
TEST_MEMORY_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
}
exit:
@ -130,8 +130,8 @@ void aria_encrypt_cbc(data_t *key_str, data_t *iv_str,
src_str->len, iv_str->x, src_str->x,
output) == cbc_result);
if (cbc_result == 0) {
ASSERT_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
TEST_MEMORY_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
}
exit:
@ -155,8 +155,8 @@ void aria_decrypt_cbc(data_t *key_str, data_t *iv_str,
src_str->len, iv_str->x, src_str->x,
output) == cbc_result);
if (cbc_result == 0) {
ASSERT_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
TEST_MEMORY_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
}
exit:
@ -182,8 +182,8 @@ void aria_encrypt_cfb128(data_t *key_str, data_t *iv_str,
iv_str->x, src_str->x, output)
== result);
ASSERT_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
TEST_MEMORY_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
exit:
mbedtls_aria_free(&ctx);
@ -208,8 +208,8 @@ void aria_decrypt_cfb128(data_t *key_str, data_t *iv_str,
iv_str->x, src_str->x, output)
== result);
ASSERT_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
TEST_MEMORY_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
exit:
mbedtls_aria_free(&ctx);
@ -234,8 +234,8 @@ void aria_encrypt_ctr(data_t *key_str, data_t *iv_str,
iv_str->x, blk, src_str->x, output)
== result);
ASSERT_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
TEST_MEMORY_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
exit:
mbedtls_aria_free(&ctx);
@ -260,8 +260,8 @@ void aria_decrypt_ctr(data_t *key_str, data_t *iv_str,
iv_str->x, blk, src_str->x, output)
== result);
ASSERT_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
TEST_MEMORY_COMPARE(output, expected_output->len,
expected_output->x, expected_output->len);
exit:
mbedtls_aria_free(&ctx);

14
tests/suites/test_suite_asn1parse.function
View File

@ -135,11 +135,11 @@ int get_len_step(const data_t *input, size_t buffer_size,
/* Allocate a new buffer of exactly the length to parse each time.
* This gives memory sanitizers a chance to catch buffer overreads. */
if (buffer_size == 0) {
ASSERT_ALLOC(buf, 1);
TEST_CALLOC(buf, 1);
end = buf + 1;
p = end;
} else {
ASSERT_ALLOC_WEAK(buf, buffer_size);
TEST_CALLOC_OR_SKIP(buf, buffer_size);
if (buffer_size > input->len) {
memcpy(buf, input->x, input->len);
memset(buf + input->len, 'A', buffer_size - input->len);
@ -247,7 +247,7 @@ void parse_prefixes(const data_t *input,
mbedtls_test_set_step(buffer_size);
/* Allocate a new buffer of exactly the length to parse each time.
* This gives memory sanitizers a chance to catch buffer overreads. */
ASSERT_ALLOC(buf, buffer_size);
TEST_CALLOC(buf, buffer_size);
memcpy(buf, input->x, buffer_size);
p = buf;
ret = nested_parse(&p, buf + buffer_size);
@ -506,7 +506,7 @@ void get_mpi_too_large()
mbedtls_mpi_init(&actual_mpi);
ASSERT_ALLOC(buf, size);
TEST_CALLOC(buf, size);
buf[0] = 0x02; /* tag: INTEGER */
buf[1] = 0x84; /* 4-octet length */
buf[2] = (too_many_octets >> 24) & 0xff;
@ -729,10 +729,10 @@ void free_named_data(int with_oid, int with_val, int with_next)
{ { 0x06, 0, NULL }, { 0, 0, NULL }, NULL, 0 };
if (with_oid) {
ASSERT_ALLOC(head.oid.p, 1);
TEST_CALLOC(head.oid.p, 1);
}
if (with_val) {
ASSERT_ALLOC(head.val.p, 1);
TEST_CALLOC(head.val.p, 1);
}
if (with_next) {
head.next = &next;
@ -758,7 +758,7 @@ void free_named_data_list(int length)
for (i = 0; i < length; i++) {
mbedtls_asn1_named_data *new = NULL;
ASSERT_ALLOC(new, 1);
TEST_CALLOC(new, 1);
new->next = head;
head = new;
}

32
tests/suites/test_suite_asn1write.function
View File

@ -17,7 +17,7 @@ int generic_write_start_step(generic_write_data_t *data)
mbedtls_test_set_step(data->size);
mbedtls_free(data->output);
data->output = NULL;
ASSERT_ALLOC(data->output, data->size == 0 ? 1 : data->size);
TEST_CALLOC(data->output, data->size == 0 ? 1 : data->size);
data->end = data->output + data->size;
data->p = data->end;
data->start = data->end - data->size;
@ -37,8 +37,8 @@ int generic_write_finish_step(generic_write_data_t *data,
TEST_EQUAL(ret, data->end - data->p);
TEST_ASSERT(data->p >= data->start);
TEST_ASSERT(data->p <= data->end);
ASSERT_COMPARE(data->p, (size_t) (data->end - data->p),
expected->x, expected->len);
TEST_MEMORY_COMPARE(data->p, (size_t) (data->end - data->p),
expected->x, expected->len);
}
ok = 1;
@ -296,7 +296,7 @@ void mbedtls_asn1_write_algorithm_identifier(data_t *oid,
size_t len_complete = data_len + par_len;
unsigned char expected_params_tag;
size_t expected_params_len;
ASSERT_ALLOC(buf_complete, len_complete);
TEST_CALLOC(buf_complete, len_complete);
unsigned char *end_complete = buf_complete + len_complete;
memcpy(buf_complete, data.p, data_len);
if (par_len == 0) {
@ -316,13 +316,13 @@ void mbedtls_asn1_write_algorithm_identifier(data_t *oid,
buf_complete[data_len + 2] = (unsigned char) (expected_params_len >> 8);
buf_complete[data_len + 3] = (unsigned char) (expected_params_len);
} else {
TEST_ASSERT(!"Bad test data: invalid length of ASN.1 element");
TEST_FAIL("Bad test data: invalid length of ASN.1 element");
}
unsigned char *p = buf_complete;
TEST_EQUAL(mbedtls_asn1_get_alg(&p, end_complete,
&alg, &params), 0);
TEST_EQUAL(alg.tag, MBEDTLS_ASN1_OID);
ASSERT_COMPARE(alg.p, alg.len, oid->x, oid->len);
TEST_MEMORY_COMPARE(alg.p, alg.len, oid->x, oid->len);
TEST_EQUAL(params.tag, expected_params_tag);
TEST_EQUAL(params.len, expected_params_len);
mbedtls_free(buf_complete);
@ -404,7 +404,7 @@ void test_asn1_write_bitstrings(data_t *bitstring, int bits,
TEST_ASSERT(bitstring->len >= byte_length);
#if defined(MBEDTLS_ASN1_PARSE_C)
ASSERT_ALLOC(masked_bitstring, byte_length);
TEST_CALLOC(masked_bitstring, byte_length);
if (byte_length != 0) {
memcpy(masked_bitstring, bitstring->x, byte_length);
if (bits % 8 != 0) {
@ -440,8 +440,8 @@ void test_asn1_write_bitstrings(data_t *bitstring, int bits,
mbedtls_asn1_bitstring read = { 0, 0, NULL };
TEST_EQUAL(mbedtls_asn1_get_bitstring(&data.p, data.end,
&read), 0);
ASSERT_COMPARE(read.p, read.len,
masked_bitstring, byte_length);
TEST_MEMORY_COMPARE(read.p, read.len,
masked_bitstring, byte_length);
TEST_EQUAL(read.unused_bits, 8 * byte_length - value_bits);
}
#endif /* MBEDTLS_ASN1_PARSE_C */
@ -477,7 +477,7 @@ void store_named_data_find(data_t *oid0, data_t *oid1,
}
pointers[ARRAY_LENGTH(nd)] = NULL;
for (i = 0; i < ARRAY_LENGTH(nd); i++) {
ASSERT_ALLOC(nd[i].oid.p, oid[i]->len);
TEST_CALLOC(nd[i].oid.p, oid[i]->len);
memcpy(nd[i].oid.p, oid[i]->x, oid[i]->len);
nd[i].oid.len = oid[i]->len;
nd[i].next = pointers[i+1];
@ -529,7 +529,7 @@ void store_named_data_val_found(int old_len, int new_len)
unsigned char *new_val = (unsigned char *) "new value";
if (old_len != 0) {
ASSERT_ALLOC(nd.val.p, (size_t) old_len);
TEST_CALLOC(nd.val.p, (size_t) old_len);
old_val = nd.val.p;
nd.val.len = old_len;
memset(old_val, 'x', old_len);
@ -545,8 +545,8 @@ void store_named_data_val_found(int old_len, int new_len)
TEST_ASSERT(found == head);
if (new_val != NULL) {
ASSERT_COMPARE(found->val.p, found->val.len,
new_val, (size_t) new_len);
TEST_MEMORY_COMPARE(found->val.p, found->val.len,
new_val, (size_t) new_len);
}
if (new_len == 0) {
TEST_ASSERT(found->val.p == NULL);
@ -580,15 +580,15 @@ void store_named_data_val_new(int new_len, int set_new_val)
TEST_ASSERT(found != NULL);
TEST_ASSERT(found == head);
TEST_ASSERT(found->oid.p != oid);
ASSERT_COMPARE(found->oid.p, found->oid.len, oid, oid_len);
TEST_MEMORY_COMPARE(found->oid.p, found->oid.len, oid, oid_len);
if (new_len == 0) {
TEST_ASSERT(found->val.p == NULL);
} else if (new_val == NULL) {
TEST_ASSERT(found->val.p != NULL);
} else {
TEST_ASSERT(found->val.p != new_val);
ASSERT_COMPARE(found->val.p, found->val.len,
new_val, (size_t) new_len);
TEST_MEMORY_COMPARE(found->val.p, found->val.len,
new_val, (size_t) new_len);
}
exit:

24
tests/suites/test_suite_base64.data
View File

@ -1,27 +1,3 @@
mask_of_range empty (1..0)
mask_of_range:1:0
mask_of_range empty (255..0)
mask_of_range:255:0
mask_of_range empty (42..7)
mask_of_range:42:7
mask_of_range 0..0
mask_of_range:0:0
mask_of_range 42..42
mask_of_range:42:42
mask_of_range 255..255
mask_of_range:255:255
mask_of_range 0..255
mask_of_range:0:255
mask_of_range 'A'..'Z'
mask_of_range:65:90
enc_char (all digits)
enc_chars:

22
tests/suites/test_suite_base64.function
View File

@ -1,7 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/base64.h"
#include "base64_internal.h"
#include "constant_time_internal.h"
#include "constant_time_invasive.h"
#include <test/constant_flow.h>
#if defined(MBEDTLS_TEST_HOOKS)
@ -16,26 +16,6 @@ static const char base64_digits[] =
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
void mask_of_range(int low_arg, int high_arg)
{
unsigned char low = low_arg, high = high_arg;
unsigned c;
for (c = 0; c <= 0xff; c++) {
mbedtls_test_set_step(c);
TEST_CF_SECRET(&c, sizeof(c));
unsigned char m = mbedtls_ct_uchar_mask_of_range(low, high, c);
TEST_CF_PUBLIC(&c, sizeof(c));
TEST_CF_PUBLIC(&m, sizeof(m));
if (low <= c && c <= high) {
TEST_EQUAL(m, 0xff);
} else {
TEST_EQUAL(m, 0);
}
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
void enc_chars()
{

4
tests/suites/test_suite_bignum.function
View File

@ -438,7 +438,7 @@ void mpi_lt_mpi_ct(int size_X, char *input_X,
TEST_ASSERT(mbedtls_mpi_lt_mpi_ct(&X, &Y, &ret) == input_err);
if (input_err == 0) {
TEST_ASSERT(ret == input_uret);
TEST_EQUAL(ret, input_uret);
}
exit:
@ -834,7 +834,7 @@ void mpi_mul_int(char *input_X, int input_Y,
} else if (strcmp(result_comparison, "!=") == 0) {
TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) != 0);
} else {
TEST_ASSERT("unknown operator" == 0);
TEST_FAIL("unknown operator");
}
exit:

173
tests/suites/test_suite_bignum_core.function
View File

@ -34,45 +34,45 @@ static int mpi_core_verify_add(mbedtls_mpi_uint *A,
/* A + B => correct result and carry */
TEST_EQUAL(carry, mbedtls_mpi_core_add(X, A, B, limbs));
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
/* A + B; alias output and first operand => correct result and carry */
memcpy(X, A, bytes);
TEST_EQUAL(carry, mbedtls_mpi_core_add(X, X, B, limbs));
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
/* A + B; alias output and second operand => correct result and carry */
memcpy(X, B, bytes);
TEST_EQUAL(carry, mbedtls_mpi_core_add(X, A, X, limbs));
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
if (memcmp(A, B, bytes) == 0) {
/* A == B, so test where A and B are aliased */
/* A + A => correct result and carry */
TEST_EQUAL(carry, mbedtls_mpi_core_add(X, A, A, limbs));
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
/* A + A, output aliased to both operands => correct result and carry */
memcpy(X, A, bytes);
TEST_EQUAL(carry, mbedtls_mpi_core_add(X, X, X, limbs));
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
} else {
/* A != B, so test B + A */
/* B + A => correct result and carry */
TEST_EQUAL(carry, mbedtls_mpi_core_add(X, B, A, limbs));
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
/* B + A; alias output and first operand => correct result and carry */
memcpy(X, B, bytes);
TEST_EQUAL(carry, mbedtls_mpi_core_add(X, X, A, limbs));
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
/* B + A; alias output and second operand => correct result and carry */
memcpy(X, A, bytes);
TEST_EQUAL(carry, mbedtls_mpi_core_add(X, B, X, limbs));
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
}
ret = 1;
@ -111,11 +111,11 @@ static int mpi_core_verify_add_if(mbedtls_mpi_uint *A,
/* cond = 0 => X unchanged, no carry */
memcpy(X, A, bytes);
TEST_EQUAL(0, mbedtls_mpi_core_add_if(X, B, limbs, 0));
ASSERT_COMPARE(X, bytes, A, bytes);
TEST_MEMORY_COMPARE(X, bytes, A, bytes);
/* cond = 1 => correct result and carry */
TEST_EQUAL(carry, mbedtls_mpi_core_add_if(X, B, limbs, 1));
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
if (memcmp(A, B, bytes) == 0) {
/* A == B, so test where A and B are aliased */
@ -123,22 +123,22 @@ static int mpi_core_verify_add_if(mbedtls_mpi_uint *A,
/* cond = 0 => X unchanged, no carry */
memcpy(X, B, bytes);
TEST_EQUAL(0, mbedtls_mpi_core_add_if(X, X, limbs, 0));
ASSERT_COMPARE(X, bytes, B, bytes);
TEST_MEMORY_COMPARE(X, bytes, B, bytes);
/* cond = 1 => correct result and carry */
TEST_EQUAL(carry, mbedtls_mpi_core_add_if(X, X, limbs, 1));
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
} else {
/* A != B, so test B + A */
/* cond = 0 => d unchanged, no carry */
memcpy(X, B, bytes);
TEST_EQUAL(0, mbedtls_mpi_core_add_if(X, A, limbs, 0));
ASSERT_COMPARE(X, bytes, B, bytes);
TEST_MEMORY_COMPARE(X, bytes, B, bytes);
/* cond = 1 => correct result and carry */
TEST_EQUAL(carry, mbedtls_mpi_core_add_if(X, A, limbs, 1));
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
}
ret = 1;
@ -358,7 +358,7 @@ void mpi_core_lt_ct(char *input_X, char *input_Y, int exp_ret)
TEST_CF_SECRET(Y, X_limbs * sizeof(mbedtls_mpi_uint));
ret = mbedtls_mpi_core_lt_ct(X, Y, X_limbs);
TEST_EQUAL(ret, exp_ret);
TEST_EQUAL(!!ret, exp_ret);
exit:
mbedtls_free(X);
@ -384,25 +384,25 @@ void mpi_core_uint_le_mpi(char *input_A)
TEST_CF_SECRET(A, A_limbs * sizeof(*A));
TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi(0, A, A_limbs), 1);
TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi(A[0], A, A_limbs), 1);
TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi(0, A, A_limbs), 1);
TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi(A[0], A, A_limbs), 1);
if (is_large) {
TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi(A[0] + 1,
A, A_limbs), 1);
TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1) >> 1,
A, A_limbs), 1);
TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1),
A, A_limbs), 1);
TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi(A[0] + 1,
A, A_limbs), 1);
TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1) >> 1,
A, A_limbs), 1);
TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1),
A, A_limbs), 1);
} else {
TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi(A[0] + 1,
A, A_limbs),
TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi(A[0] + 1,
A, A_limbs),
A[0] + 1 <= A[0]);
TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1) >> 1,
A, A_limbs),
TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1) >> 1,
A, A_limbs),
(mbedtls_mpi_uint) (-1) >> 1 <= A[0]);
TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1),
A, A_limbs),
TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1),
A, A_limbs),
(mbedtls_mpi_uint) (-1) <= A[0]);
}
@ -447,7 +447,7 @@ void mpi_core_cond_assign(char *input_X,
TEST_CF_SECRET(X, bytes);
TEST_CF_SECRET(Y, bytes);
mbedtls_mpi_core_cond_assign(X, Y, copy_limbs, 1);
mbedtls_mpi_core_cond_assign(X, Y, copy_limbs, mbedtls_ct_bool(1));
TEST_CF_PUBLIC(X, bytes);
TEST_CF_PUBLIC(Y, bytes);
@ -458,10 +458,10 @@ void mpi_core_cond_assign(char *input_X,
TEST_CF_PUBLIC(X, bytes);
TEST_CF_PUBLIC(Y, bytes);
ASSERT_COMPARE(X, copy_bytes, Y, copy_bytes);
TEST_MEMORY_COMPARE(X, copy_bytes, Y, copy_bytes);
TEST_ASSERT(memcmp(X, Y, bytes) != 0);
} else {
ASSERT_COMPARE(X, bytes, Y, bytes);
TEST_MEMORY_COMPARE(X, bytes, Y, bytes);
}
exit:
@ -493,10 +493,10 @@ void mpi_core_cond_swap(char *input_X,
TEST_EQUAL(limbs_X, limbs_Y);
TEST_ASSERT(copy_limbs <= limbs);
ASSERT_ALLOC(X, limbs);
TEST_CALLOC(X, limbs);
memcpy(X, tmp_X, bytes);
ASSERT_ALLOC(Y, limbs);
TEST_CALLOC(Y, limbs);
memcpy(Y, tmp_Y, bytes);
/* condition is false */
@ -508,14 +508,14 @@ void mpi_core_cond_swap(char *input_X,
TEST_CF_PUBLIC(X, bytes);
TEST_CF_PUBLIC(Y, bytes);
ASSERT_COMPARE(X, bytes, tmp_X, bytes);
ASSERT_COMPARE(Y, bytes, tmp_Y, bytes);
TEST_MEMORY_COMPARE(X, bytes, tmp_X, bytes);
TEST_MEMORY_COMPARE(Y, bytes, tmp_Y, bytes);
/* condition is true */
TEST_CF_SECRET(X, bytes);
TEST_CF_SECRET(Y, bytes);
mbedtls_mpi_core_cond_swap(X, Y, copy_limbs, 1);
mbedtls_mpi_core_cond_swap(X, Y, copy_limbs, mbedtls_ct_bool(1));
TEST_CF_PUBLIC(X, bytes);
TEST_CF_PUBLIC(Y, bytes);
@ -523,15 +523,15 @@ void mpi_core_cond_swap(char *input_X,
/* Check if the given length is copied even it is smaller
than the length of the given MPIs. */
if (copy_limbs < limbs) {
ASSERT_COMPARE(X, copy_bytes, tmp_Y, copy_bytes);
ASSERT_COMPARE(Y, copy_bytes, tmp_X, copy_bytes);
TEST_MEMORY_COMPARE(X, copy_bytes, tmp_Y, copy_bytes);
TEST_MEMORY_COMPARE(Y, copy_bytes, tmp_X, copy_bytes);
TEST_ASSERT(memcmp(X, tmp_X, bytes) != 0);
TEST_ASSERT(memcmp(X, tmp_Y, bytes) != 0);
TEST_ASSERT(memcmp(Y, tmp_X, bytes) != 0);
TEST_ASSERT(memcmp(Y, tmp_Y, bytes) != 0);
} else {
ASSERT_COMPARE(X, bytes, tmp_Y, bytes);
ASSERT_COMPARE(Y, bytes, tmp_X, bytes);
TEST_MEMORY_COMPARE(X, bytes, tmp_Y, bytes);
TEST_MEMORY_COMPARE(Y, bytes, tmp_X, bytes);
}
exit:
@ -554,7 +554,7 @@ void mpi_core_shift_r(char *input, int count, char *result)
TEST_EQUAL(limbs, n);
mbedtls_mpi_core_shift_r(X, limbs, count);
ASSERT_COMPARE(X, limbs * ciL, Y, limbs * ciL);
TEST_MEMORY_COMPARE(X, limbs * ciL, Y, limbs * ciL);
exit:
mbedtls_free(X);
@ -574,7 +574,7 @@ void mpi_core_shift_l(char *input, int count, char *result)
TEST_EQUAL(limbs, n);
mbedtls_mpi_core_shift_l(X, limbs, count);
ASSERT_COMPARE(X, limbs * ciL, Y, limbs * ciL);
TEST_MEMORY_COMPARE(X, limbs * ciL, Y, limbs * ciL);
exit:
mbedtls_free(X);
@ -601,7 +601,7 @@ void mpi_core_add_and_add_if(char *input_A, char *input_B,
TEST_EQUAL(A_limbs, S_limbs);
size_t limbs = A_limbs;
ASSERT_ALLOC(X, limbs);
TEST_CALLOC(X, limbs);
TEST_ASSERT(mpi_core_verify_add(A, B, limbs, S, carry, X));
TEST_ASSERT(mpi_core_verify_add_if(A, B, limbs, S, carry, X));
@ -646,15 +646,15 @@ void mpi_core_sub(char *input_A, char *input_B,
/* Now let's get arrays of mbedtls_mpi_uints, rather than MPI structures */
/* ASSERT_ALLOC() uses calloc() under the hood, so these do get zeroed */
ASSERT_ALLOC(a, bytes);
ASSERT_ALLOC(b, bytes);
ASSERT_ALLOC(x, bytes);
ASSERT_ALLOC(r, bytes);
/* TEST_CALLOC() uses calloc() under the hood, so these do get zeroed */
TEST_CALLOC(a, bytes);
TEST_CALLOC(b, bytes);
TEST_CALLOC(x, bytes);
TEST_CALLOC(r, bytes);
/* Populate the arrays. As the mbedtls_mpi_uint[]s in mbedtls_mpis (and as
* processed by mbedtls_mpi_core_sub()) are little endian, we can just
* copy what we have as long as MSBs are 0 (which they are from ASSERT_ALLOC())
* copy what we have as long as MSBs are 0 (which they are from TEST_CALLOC())
*/
memcpy(a, A.p, A.n * sizeof(mbedtls_mpi_uint));
memcpy(b, B.p, B.n * sizeof(mbedtls_mpi_uint));
@ -664,7 +664,7 @@ void mpi_core_sub(char *input_A, char *input_B,
TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, a, b, limbs));
/* 1b) r = a - b => we should get the correct result */
ASSERT_COMPARE(r, bytes, x, bytes);
TEST_MEMORY_COMPARE(r, bytes, x, bytes);
/* 2 and 3 test "r may be aliased to a or b" */
/* 2a) r = a; r -= b => we should get the correct carry (use r to avoid clobbering a) */
@ -672,20 +672,20 @@ void mpi_core_sub(char *input_A, char *input_B,
TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, r, b, limbs));
/* 2b) r -= b => we should get the correct result */
ASSERT_COMPARE(r, bytes, x, bytes);
TEST_MEMORY_COMPARE(r, bytes, x, bytes);
/* 3a) r = b; r = a - r => we should get the correct carry (use r to avoid clobbering b) */
memcpy(r, b, bytes);
TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, a, r, limbs));
/* 3b) r = a - b => we should get the correct result */
ASSERT_COMPARE(r, bytes, x, bytes);
TEST_MEMORY_COMPARE(r, bytes, x, bytes);
/* 4 tests "r may be aliased to [...] both" */
if (A.n == B.n && memcmp(A.p, B.p, bytes) == 0) {
memcpy(r, b, bytes);
TEST_EQUAL(carry, mbedtls_mpi_core_sub(r, r, r, limbs));
ASSERT_COMPARE(r, bytes, x, bytes);
TEST_MEMORY_COMPARE(r, bytes, x, bytes);
}
exit:
@ -759,13 +759,13 @@ void mpi_core_mla(char *input_A, char *input_B, char *input_S,
/* Now let's get arrays of mbedtls_mpi_uints, rather than MPI structures */
/* ASSERT_ALLOC() uses calloc() under the hood, so these do get zeroed */
ASSERT_ALLOC(a, bytes);
ASSERT_ALLOC(x, bytes);
/* TEST_CALLOC() uses calloc() under the hood, so these do get zeroed */
TEST_CALLOC(a, bytes);
TEST_CALLOC(x, bytes);
/* Populate the arrays. As the mbedtls_mpi_uint[]s in mbedtls_mpis (and as
* processed by mbedtls_mpi_core_mla()) are little endian, we can just
* copy what we have as long as MSBs are 0 (which they are from ASSERT_ALLOC()).
* copy what we have as long as MSBs are 0 (which they are from TEST_CALLOC()).
*/
memcpy(a, A.p, A.n * sizeof(mbedtls_mpi_uint));
memcpy(x, X->p, X->n * sizeof(mbedtls_mpi_uint));
@ -774,13 +774,13 @@ void mpi_core_mla(char *input_A, char *input_B, char *input_S,
TEST_EQUAL(mbedtls_mpi_core_mla(a, limbs, B.p, B.n, *S.p), *cy->p);
/* 1b) A += B * s => we should get the correct result */
ASSERT_COMPARE(a, bytes, x, bytes);
TEST_MEMORY_COMPARE(a, bytes, x, bytes);
if (A.n == B.n && memcmp(A.p, B.p, bytes) == 0) {
/* Check when A and B are aliased */
memcpy(a, A.p, A.n * sizeof(mbedtls_mpi_uint));
TEST_EQUAL(mbedtls_mpi_core_mla(a, limbs, a, limbs, *S.p), *cy->p);
ASSERT_COMPARE(a, bytes, x, bytes);
TEST_MEMORY_COMPARE(a, bytes, x, bytes);
}
exit:
@ -890,14 +890,14 @@ void mpi_core_montmul(int limbs_AN4, int limbs_B4,
mbedtls_mpi_core_montmul(R.p, A.p, B.p, B.n, N.p, N.n, mm, T.p);
size_t bytes = N.n * sizeof(mbedtls_mpi_uint);
ASSERT_COMPARE(R.p, bytes, X->p, bytes);
TEST_MEMORY_COMPARE(R.p, bytes, X->p, bytes);
/* The output (R, above) may be aliased to A - use R to save the value of A */
memcpy(R.p, A.p, bytes);
mbedtls_mpi_core_montmul(A.p, A.p, B.p, B.n, N.p, N.n, mm, T.p);
ASSERT_COMPARE(A.p, bytes, X->p, bytes);
TEST_MEMORY_COMPARE(A.p, bytes, X->p, bytes);
memcpy(A.p, R.p, bytes); /* restore A */
@ -906,7 +906,7 @@ void mpi_core_montmul(int limbs_AN4, int limbs_B4,
memcpy(R.p, N.p, bytes);
mbedtls_mpi_core_montmul(N.p, A.p, B.p, B.n, N.p, N.n, mm, T.p);
ASSERT_COMPARE(N.p, bytes, X->p, bytes);
TEST_MEMORY_COMPARE(N.p, bytes, X->p, bytes);
memcpy(N.p, R.p, bytes);
@ -917,7 +917,7 @@ void mpi_core_montmul(int limbs_AN4, int limbs_B4,
* don't bother with yet another test with only A and B aliased */
mbedtls_mpi_core_montmul(B.p, B.p, B.p, B.n, N.p, N.n, mm, T.p);
ASSERT_COMPARE(B.p, bytes, X->p, bytes);
TEST_MEMORY_COMPARE(B.p, bytes, X->p, bytes);
memcpy(B.p, A.p, bytes); /* restore B from equal value A */
}
@ -925,7 +925,7 @@ void mpi_core_montmul(int limbs_AN4, int limbs_B4,
/* The output may be aliased to B - last test, so we don't save B */
mbedtls_mpi_core_montmul(B.p, A.p, B.p, B.n, N.p, N.n, mm, T.p);
ASSERT_COMPARE(B.p, bytes, X->p, bytes);
TEST_MEMORY_COMPARE(B.p, bytes, X->p, bytes);
}
exit:
@ -1017,8 +1017,8 @@ void mpi_core_ct_uint_table_lookup(int bitlen, int window_size)
mbedtls_mpi_uint *table = NULL;
mbedtls_mpi_uint *dest = NULL;
ASSERT_ALLOC(table, limbs * count);
ASSERT_ALLOC(dest, limbs);
TEST_CALLOC(table, limbs * count);
TEST_CALLOC(dest, limbs);
/*
* Fill the table with a unique counter so that differences are easily
@ -1046,8 +1046,8 @@ void mpi_core_ct_uint_table_lookup(int bitlen, int window_size)
TEST_CF_PUBLIC(dest, limbs * sizeof(*dest));
TEST_CF_PUBLIC(table, count * limbs * sizeof(*table));
ASSERT_COMPARE(dest, limbs * sizeof(*dest),
current, limbs * sizeof(*current));
TEST_MEMORY_COMPARE(dest, limbs * sizeof(*dest),
current, limbs * sizeof(*current));
TEST_CF_PUBLIC(&i, sizeof(i));
}
@ -1070,7 +1070,7 @@ void mpi_core_fill_random(int wanted_bytes_arg, int extra_rng_bytes,
int ret;
/* Prepare an RNG with known output, limited to rng_bytes. */
ASSERT_ALLOC(rnd_data, rng_bytes);
TEST_CALLOC(rnd_data, rng_bytes);
TEST_EQUAL(0, mbedtls_test_rnd_std_rand(NULL, rnd_data, rng_bytes));
rnd_info.buf = rnd_data;
@ -1078,7 +1078,7 @@ void mpi_core_fill_random(int wanted_bytes_arg, int extra_rng_bytes,
* extra_limbs may be negative but the total limb count must be positive.
* Fill the MPI with the byte value in before. */
TEST_LE_U(1, X_limbs);
ASSERT_ALLOC(X, X_limbs);
TEST_CALLOC(X, X_limbs);
memset(X, before, X_limbs * sizeof(*X));
ret = mbedtls_mpi_core_fill_random(X, X_limbs, wanted_bytes,
@ -1128,14 +1128,14 @@ void mpi_core_mul(char *input_A,
const size_t X_limbs = A_limbs + B_limbs;
const size_t X_bytes = X_limbs * sizeof(mbedtls_mpi_uint);
ASSERT_ALLOC(X, X_limbs);
TEST_CALLOC(X, X_limbs);
const size_t A_bytes = A_limbs * sizeof(mbedtls_mpi_uint);
ASSERT_ALLOC(A_orig, A_limbs);
TEST_CALLOC(A_orig, A_limbs);
memcpy(A_orig, A, A_bytes);
const size_t B_bytes = B_limbs * sizeof(mbedtls_mpi_uint);
ASSERT_ALLOC(B_orig, B_limbs);
TEST_CALLOC(B_orig, B_limbs);
memcpy(B_orig, B, B_bytes);
/* Set result to something that is unlikely to be correct */
@ -1143,24 +1143,24 @@ void mpi_core_mul(char *input_A,
/* 1. X = A * B - result should be correct, A and B unchanged */
mbedtls_mpi_core_mul(X, A, A_limbs, B, B_limbs);
ASSERT_COMPARE(X, X_bytes, R, X_bytes);
ASSERT_COMPARE(A, A_bytes, A_orig, A_bytes);
ASSERT_COMPARE(B, B_bytes, B_orig, B_bytes);
TEST_MEMORY_COMPARE(X, X_bytes, R, X_bytes);
TEST_MEMORY_COMPARE(A, A_bytes, A_orig, A_bytes);
TEST_MEMORY_COMPARE(B, B_bytes, B_orig, B_bytes);
/* 2. A == B: alias A and B - result should be correct, A and B unchanged */
if (A_bytes == B_bytes && memcmp(A, B, A_bytes) == 0) {
memset(X, '!', X_bytes);
mbedtls_mpi_core_mul(X, A, A_limbs, A, A_limbs);
ASSERT_COMPARE(X, X_bytes, R, X_bytes);
ASSERT_COMPARE(A, A_bytes, A_orig, A_bytes);
TEST_MEMORY_COMPARE(X, X_bytes, R, X_bytes);
TEST_MEMORY_COMPARE(A, A_bytes, A_orig, A_bytes);
}
/* 3. X = B * A - result should be correct, A and B unchanged */
else {
memset(X, '!', X_bytes);
mbedtls_mpi_core_mul(X, B, B_limbs, A, A_limbs);
ASSERT_COMPARE(X, X_bytes, R, X_bytes);
ASSERT_COMPARE(A, A_bytes, A_orig, A_bytes);
ASSERT_COMPARE(B, B_bytes, B_orig, B_bytes);
TEST_MEMORY_COMPARE(X, X_bytes, R, X_bytes);
TEST_MEMORY_COMPARE(A, A_bytes, A_orig, A_bytes);
TEST_MEMORY_COMPARE(B, B_bytes, B_orig, B_bytes);
}
exit:
@ -1195,7 +1195,7 @@ void mpi_core_exp_mod(char *input_N, char *input_A,
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&E, &E_limbs, input_E));
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &N_limbs, input_N));
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&X, &X_limbs, input_X));
ASSERT_ALLOC(Y, N_limbs);
TEST_CALLOC(Y, N_limbs);
TEST_EQUAL(A_limbs, N_limbs);
TEST_EQUAL(X_limbs, N_limbs);
@ -1227,7 +1227,7 @@ void mpi_core_exp_mod(char *input_N, char *input_A,
TEST_LE_U(mbedtls_mpi_core_montmul_working_limbs(N_limbs),
working_limbs);
ASSERT_ALLOC(T, working_limbs);
TEST_CALLOC(T, working_limbs);
mbedtls_mpi_core_exp_mod(Y, A, N, N_limbs, E, E_limbs, R2, T);
@ -1277,10 +1277,11 @@ void mpi_core_sub_int(char *input_A, char *input_B,
TEST_EQUAL(A_limbs, X_limbs);
size_t limbs = A_limbs;
ASSERT_ALLOC(R, limbs);
TEST_CALLOC(R, limbs);
#define TEST_COMPARE_CORE_MPIS(A, B, limbs) \
ASSERT_COMPARE(A, (limbs) * sizeof(mbedtls_mpi_uint), B, (limbs) * sizeof(mbedtls_mpi_uint))
TEST_MEMORY_COMPARE(A, (limbs) * sizeof(mbedtls_mpi_uint), \
B, (limbs) * sizeof(mbedtls_mpi_uint))
/* 1. R = A - b. Result and borrow should be correct */
TEST_EQUAL(mbedtls_mpi_core_sub_int(R, A, B[0], limbs), borrow);

57
tests/suites/test_suite_bignum_mod.function
View File

@ -7,8 +7,8 @@
#include "test/constant_flow.h"
#define TEST_COMPARE_MPI_RESIDUES(a, b) \
ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \
(b).p, (b).limbs * sizeof(mbedtls_mpi_uint))
TEST_MEMORY_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \
(b).p, (b).limbs * sizeof(mbedtls_mpi_uint))
static int test_read_residue(mbedtls_mpi_mod_residue *r,
const mbedtls_mpi_mod_modulus *m,
@ -35,7 +35,7 @@ static int test_read_residue(mbedtls_mpi_mod_residue *r,
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_BIGNUM_C
* depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_ECP_WITH_MPI_UINT
* END_DEPENDENCIES
*/
@ -123,47 +123,47 @@ void mpi_mod_mul(char *input_A,
TEST_EQUAL(rB.limbs, limbs);
TEST_EQUAL(rR.limbs, limbs);
ASSERT_ALLOC(X, limbs);
TEST_CALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rX, &m, X, limbs), 0);
TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rB, &m), 0);
ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes);
/* alias X to A */
memcpy(rX.p, rA.p, bytes);
TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rB, &m), 0);
ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes);
/* alias X to B */
memcpy(rX.p, rB.p, bytes);
TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rX, &m), 0);
ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes);
/* A == B: alias A and B */
if (memcmp(rA.p, rB.p, bytes) == 0) {
TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rA, &m), 0);
ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes);
/* X, A, B all aliased together */
memcpy(rX.p, rA.p, bytes);
TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rX, &m), 0);
ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes);
}
/* A != B: test B * A */
else {
TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rB, &rA, &m), 0);
ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes);
/* B * A: alias X to A */
memcpy(rX.p, rA.p, bytes);
TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rB, &rX, &m), 0);
ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes);
/* B + A: alias X to B */
memcpy(rX.p, rB.p, bytes);
TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rA, &m), 0);
ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
TEST_MEMORY_COMPARE(rX.p, bytes, rR.p, bytes);
}
exit:
@ -206,7 +206,7 @@ void mpi_mod_mul_neg(char *input_A,
const size_t limbs = m.limbs;
ASSERT_ALLOC(X, limbs);
TEST_CALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rX, &m, X, limbs), 0);
rX.limbs = rR.limbs;
@ -259,7 +259,7 @@ void mpi_mod_sub(char *input_N,
if (expected_ret == 0) {
/* Negative test with too many limbs in output */
ASSERT_ALLOC(X_raw, limbs + 1);
TEST_CALLOC(X_raw, limbs + 1);
x.p = X_raw;
x.limbs = limbs + 1;
@ -271,7 +271,7 @@ void mpi_mod_sub(char *input_N,
/* Negative test with too few limbs in output */
if (limbs > 1) {
ASSERT_ALLOC(X_raw, limbs - 1);
TEST_CALLOC(X_raw, limbs - 1);
x.p = X_raw;
x.limbs = limbs - 1;
@ -286,7 +286,7 @@ void mpi_mod_sub(char *input_N,
* manually-written test cases with expected_ret != 0. */
}
ASSERT_ALLOC(X_raw, limbs);
TEST_CALLOC(X_raw, limbs);
TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &m, X_raw, limbs));
@ -358,7 +358,7 @@ void mpi_mod_inv_mont(char *input_N,
size_t limbs = N.limbs;
size_t bytes = limbs * sizeof(*X_raw);
ASSERT_ALLOC(X_raw, limbs);
TEST_CALLOC(X_raw, limbs);
TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &N, X_raw, limbs));
@ -408,7 +408,7 @@ void mpi_mod_inv_non_mont(char *input_N,
size_t limbs = N.limbs;
size_t bytes = limbs * sizeof(*X_raw);
ASSERT_ALLOC(X_raw, limbs);
TEST_CALLOC(X_raw, limbs);
TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &N, X_raw, limbs));
@ -462,7 +462,7 @@ void mpi_mod_add(char *input_N,
if (expected_ret == 0) {
/* Negative test with too many limbs in output */
ASSERT_ALLOC(X_raw, limbs + 1);
TEST_CALLOC(X_raw, limbs + 1);
x.p = X_raw;
x.limbs = limbs + 1;
@ -474,7 +474,7 @@ void mpi_mod_add(char *input_N,
/* Negative test with too few limbs in output */
if (limbs > 1) {
ASSERT_ALLOC(X_raw, limbs - 1);
TEST_CALLOC(X_raw, limbs - 1);
x.p = X_raw;
x.limbs = limbs - 1;
@ -490,7 +490,7 @@ void mpi_mod_add(char *input_N,
}
/* Allocate correct number of limbs for X_raw */
ASSERT_ALLOC(X_raw, limbs);
TEST_CALLOC(X_raw, limbs);
TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &m, X_raw, limbs));
@ -582,7 +582,7 @@ void mpi_mod_io_neg(char *input_N, data_t *buf, int ret)
size_t n_limbs;
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N));
size_t r_limbs = n_limbs;
ASSERT_ALLOC(R, r_limbs);
TEST_CALLOC(R, r_limbs);
/* modulus->p == NULL || residue->p == NULL ( m has not been set-up ) */
TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
@ -658,8 +658,8 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian)
a_bytes = input_A->len;
/* Allocate the memory for intermediate data structures */
ASSERT_ALLOC(R, n_bytes);
ASSERT_ALLOC(R_COPY, n_bytes);
TEST_CALLOC(R, n_bytes);
TEST_CALLOC(R_COPY, n_bytes);
/* Test that input's size is not greater to modulo's */
TEST_LE_U(a_bytes, n_bytes);
@ -698,14 +698,14 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian)
obuf_sizes[2] = a_bytes + 8;
for (size_t i = 0; i < obuf_sizes_len; i++) {
ASSERT_ALLOC(obuf, obuf_sizes[i]);
TEST_CALLOC(obuf, obuf_sizes[i]);
TEST_EQUAL(0, mbedtls_mpi_mod_write(&r, &m, obuf, obuf_sizes[i], endian));
/* Make sure that writing didn't corrupt the value of r */
ASSERT_COMPARE(r.p, r.limbs, r_copy.p, r_copy.limbs);
TEST_MEMORY_COMPARE(r.p, r.limbs, r_copy.p, r_copy.limbs);
/* Set up reference output for checking the result */
ASSERT_ALLOC(ref_buf, obuf_sizes[i]);
TEST_CALLOC(ref_buf, obuf_sizes[i]);
switch (endian) {
case MBEDTLS_MPI_MOD_EXT_REP_LE:
memcpy(ref_buf, input_A->x, a_bytes_trimmed);
@ -723,7 +723,7 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian)
}
/* Check the result */
ASSERT_COMPARE(obuf, obuf_sizes[i], ref_buf, obuf_sizes[i]);
TEST_MEMORY_COMPARE(obuf, obuf_sizes[i], ref_buf, obuf_sizes[i]);
mbedtls_free(ref_buf);
ref_buf = NULL;
@ -737,5 +737,6 @@ exit:
mbedtls_free(R);
mbedtls_free(R_COPY);
mbedtls_free(obuf);
mbedtls_free(ref_buf);
}
/* END_CASE */

124
tests/suites/test_suite_bignum_mod_raw.function
View File

@ -11,7 +11,7 @@
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_BIGNUM_C
* depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_ECP_WITH_MPI_UINT
* END_DEPENDENCIES
*/
@ -133,7 +133,7 @@ void mpi_mod_raw_cond_assign(char *input_X,
TEST_EQUAL(limbs_X, limbs_Y);
TEST_ASSERT(copy_limbs <= limbs);
ASSERT_ALLOC(buff_m, copy_limbs);
TEST_CALLOC(buff_m, copy_limbs);
memset(buff_m, 0xFF, copy_limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, buff_m, copy_limbs), 0);
@ -161,10 +161,10 @@ void mpi_mod_raw_cond_assign(char *input_X,
/* Check if the given length is copied even it is smaller
than the length of the given MPIs. */
if (copy_limbs < limbs) {
ASSERT_COMPARE(X, copy_bytes, Y, copy_bytes);
TEST_MEMORY_COMPARE(X, copy_bytes, Y, copy_bytes);
TEST_ASSERT(memcmp(X, Y, bytes) != 0);
} else {
ASSERT_COMPARE(X, bytes, Y, bytes);
TEST_MEMORY_COMPARE(X, bytes, Y, bytes);
}
exit:
@ -203,15 +203,15 @@ void mpi_mod_raw_cond_swap(char *input_X,
TEST_EQUAL(limbs_X, limbs_Y);
TEST_ASSERT(copy_limbs <= limbs);
ASSERT_ALLOC(buff_m, copy_limbs);
TEST_CALLOC(buff_m, copy_limbs);
memset(buff_m, 0xFF, copy_limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, buff_m, copy_limbs), 0);
ASSERT_ALLOC(X, limbs);
TEST_CALLOC(X, limbs);
memcpy(X, tmp_X, bytes);
ASSERT_ALLOC(Y, bytes);
TEST_CALLOC(Y, bytes);
memcpy(Y, tmp_Y, bytes);
/* condition is false */
@ -223,8 +223,8 @@ void mpi_mod_raw_cond_swap(char *input_X,
TEST_CF_PUBLIC(X, bytes);
TEST_CF_PUBLIC(Y, bytes);
ASSERT_COMPARE(X, bytes, tmp_X, bytes);
ASSERT_COMPARE(Y, bytes, tmp_Y, bytes);
TEST_MEMORY_COMPARE(X, bytes, tmp_X, bytes);
TEST_MEMORY_COMPARE(Y, bytes, tmp_Y, bytes);
/* condition is true */
TEST_CF_SECRET(X, bytes);
@ -238,15 +238,15 @@ void mpi_mod_raw_cond_swap(char *input_X,
/* Check if the given length is copied even it is smaller
than the length of the given MPIs. */
if (copy_limbs < limbs) {
ASSERT_COMPARE(X, copy_bytes, tmp_Y, copy_bytes);
ASSERT_COMPARE(Y, copy_bytes, tmp_X, copy_bytes);
TEST_MEMORY_COMPARE(X, copy_bytes, tmp_Y, copy_bytes);
TEST_MEMORY_COMPARE(Y, copy_bytes, tmp_X, copy_bytes);
TEST_ASSERT(memcmp(X, tmp_X, bytes) != 0);
TEST_ASSERT(memcmp(X, tmp_Y, bytes) != 0);
TEST_ASSERT(memcmp(Y, tmp_X, bytes) != 0);
TEST_ASSERT(memcmp(Y, tmp_Y, bytes) != 0);
} else {
ASSERT_COMPARE(X, bytes, tmp_Y, bytes);
ASSERT_COMPARE(Y, bytes, tmp_X, bytes);
TEST_MEMORY_COMPARE(X, bytes, tmp_Y, bytes);
TEST_MEMORY_COMPARE(Y, bytes, tmp_X, bytes);
}
exit:
@ -291,33 +291,33 @@ void mpi_mod_raw_sub(char *input_A,
TEST_EQUAL(limbs_B, limbs);
TEST_EQUAL(limbs_res, limbs);
ASSERT_ALLOC(X, limbs);
TEST_CALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs), 0);
mbedtls_mpi_mod_raw_sub(X, A, B, &m);
ASSERT_COMPARE(X, bytes, res, bytes);
TEST_MEMORY_COMPARE(X, bytes, res, bytes);
/* alias X to A */
memcpy(X, A, bytes);
mbedtls_mpi_mod_raw_sub(X, X, B, &m);
ASSERT_COMPARE(X, bytes, res, bytes);
TEST_MEMORY_COMPARE(X, bytes, res, bytes);
/* alias X to B */
memcpy(X, B, bytes);
mbedtls_mpi_mod_raw_sub(X, A, X, &m);
ASSERT_COMPARE(X, bytes, res, bytes);
TEST_MEMORY_COMPARE(X, bytes, res, bytes);
/* A == B: alias A and B */
if (memcmp(A, B, bytes) == 0) {
mbedtls_mpi_mod_raw_sub(X, A, A, &m);
ASSERT_COMPARE(X, bytes, res, bytes);
TEST_MEMORY_COMPARE(X, bytes, res, bytes);
/* X, A, B all aliased together */
memcpy(X, A, bytes);
mbedtls_mpi_mod_raw_sub(X, X, X, &m);
ASSERT_COMPARE(X, bytes, res, bytes);
TEST_MEMORY_COMPARE(X, bytes, res, bytes);
}
exit:
mbedtls_free(A);
@ -356,7 +356,7 @@ void mpi_mod_raw_fix_quasi_reduction(char *input_N,
TEST_EQUAL(limbs_X, limbs);
TEST_EQUAL(limbs_res, limbs);
ASSERT_ALLOC(tmp, limbs);
TEST_CALLOC(tmp, limbs);
memcpy(tmp, X, bytes);
/* Check that 0 <= X < 2N */
@ -367,7 +367,7 @@ void mpi_mod_raw_fix_quasi_reduction(char *input_N,
&m, N, limbs), 0);
mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
ASSERT_COMPARE(X, bytes, res, bytes);
TEST_MEMORY_COMPARE(X, bytes, res, bytes);
exit:
mbedtls_free(X);
@ -411,51 +411,51 @@ void mpi_mod_raw_mul(char *input_A,
TEST_EQUAL(limbs_B, limbs);
TEST_EQUAL(limbs_R, limbs);
ASSERT_ALLOC(X, limbs);
TEST_CALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs), 0);
const size_t limbs_T = limbs * 2 + 1;
ASSERT_ALLOC(T, limbs_T);
TEST_CALLOC(T, limbs_T);
mbedtls_mpi_mod_raw_mul(X, A, B, &m, T);
ASSERT_COMPARE(X, bytes, R, bytes);
TEST_MEMORY_COMPARE(X, bytes, R, bytes);
/* alias X to A */
memcpy(X, A, bytes);
mbedtls_mpi_mod_raw_mul(X, X, B, &m, T);
ASSERT_COMPARE(X, bytes, R, bytes);
TEST_MEMORY_COMPARE(X, bytes, R, bytes);
/* alias X to B */
memcpy(X, B, bytes);
mbedtls_mpi_mod_raw_mul(X, A, X, &m, T);
ASSERT_COMPARE(X, bytes, R, bytes);
TEST_MEMORY_COMPARE(X, bytes, R, bytes);
/* A == B: alias A and B */
if (memcmp(A, B, bytes) == 0) {
mbedtls_mpi_mod_raw_mul(X, A, A, &m, T);
ASSERT_COMPARE(X, bytes, R, bytes);
TEST_MEMORY_COMPARE(X, bytes, R, bytes);
/* X, A, B all aliased together */
memcpy(X, A, bytes);
mbedtls_mpi_mod_raw_mul(X, X, X, &m, T);
ASSERT_COMPARE(X, bytes, R, bytes);
TEST_MEMORY_COMPARE(X, bytes, R, bytes);
}
/* A != B: test B * A */
else {
mbedtls_mpi_mod_raw_mul(X, B, A, &m, T);
ASSERT_COMPARE(X, bytes, R, bytes);
TEST_MEMORY_COMPARE(X, bytes, R, bytes);
/* B * A: alias X to A */
memcpy(X, A, bytes);
mbedtls_mpi_mod_raw_mul(X, B, X, &m, T);
ASSERT_COMPARE(X, bytes, R, bytes);
TEST_MEMORY_COMPARE(X, bytes, R, bytes);
/* B + A: alias X to B */
memcpy(X, B, bytes);
mbedtls_mpi_mod_raw_mul(X, X, A, &m, T);
ASSERT_COMPARE(X, bytes, R, bytes);
TEST_MEMORY_COMPARE(X, bytes, R, bytes);
}
exit:
@ -489,7 +489,7 @@ void mpi_mod_raw_inv_prime(char *input_N, char *input_A, char *input_X)
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&A, &A_limbs, input_A));
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &N_limbs, input_N));
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&X, &X_limbs, input_X));
ASSERT_ALLOC(Y, N_limbs);
TEST_CALLOC(Y, N_limbs);
TEST_EQUAL(A_limbs, N_limbs);
TEST_EQUAL(X_limbs, N_limbs);
@ -519,7 +519,7 @@ void mpi_mod_raw_inv_prime(char *input_N, char *input_A, char *input_X)
TEST_LE_U(mbedtls_mpi_core_montmul_working_limbs(N_limbs),
working_limbs);
ASSERT_ALLOC(T, working_limbs);
TEST_CALLOC(T, working_limbs);
mbedtls_mpi_mod_raw_inv_prime(Y, A, N, N_limbs, R2, T);
@ -571,52 +571,52 @@ void mpi_mod_raw_add(char *input_N,
TEST_EQUAL(B_limbs, limbs);
TEST_EQUAL(S_limbs, limbs);
ASSERT_ALLOC(X, limbs);
TEST_CALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs), 0);
/* A + B => Correct result */
mbedtls_mpi_mod_raw_add(X, A, B, &m);
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
/* A + B: alias X to A => Correct result */
memcpy(X, A, bytes);
mbedtls_mpi_mod_raw_add(X, X, B, &m);
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
/* A + B: alias X to B => Correct result */
memcpy(X, B, bytes);
mbedtls_mpi_mod_raw_add(X, A, X, &m);
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
if (memcmp(A, B, bytes) == 0) {
/* A == B: alias A and B */
/* A + A => Correct result */
mbedtls_mpi_mod_raw_add(X, A, A, &m);
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
/* A + A: X, A, B all aliased together => Correct result */
memcpy(X, A, bytes);
mbedtls_mpi_mod_raw_add(X, X, X, &m);
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
} else {
/* A != B: test B + A */
/* B + A => Correct result */
mbedtls_mpi_mod_raw_add(X, B, A, &m);
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
/* B + A: alias X to A => Correct result */
memcpy(X, A, bytes);
mbedtls_mpi_mod_raw_add(X, B, X, &m);
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
/* B + A: alias X to B => Correct result */
memcpy(X, B, bytes);
mbedtls_mpi_mod_raw_add(X, X, A, &m);
ASSERT_COMPARE(X, bytes, S, bytes);
TEST_MEMORY_COMPARE(X, bytes, S, bytes);
}
exit:
@ -647,8 +647,8 @@ void mpi_mod_raw_canonical_to_modulus_rep(const char *input_N, int rep,
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&X, &X_limbs, input_X));
TEST_EQUAL(0, mbedtls_mpi_mod_raw_canonical_to_modulus_rep(A, &N));
ASSERT_COMPARE(A, A_limbs * sizeof(mbedtls_mpi_uint),
X, X_limbs * sizeof(mbedtls_mpi_uint));
TEST_MEMORY_COMPARE(A, A_limbs * sizeof(mbedtls_mpi_uint),
X, X_limbs * sizeof(mbedtls_mpi_uint));
exit:
mbedtls_test_mpi_mod_modulus_free_with_limbs(&N);
@ -674,8 +674,8 @@ void mpi_mod_raw_modulus_to_canonical_rep(const char *input_N, int rep,
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&X, &X_limbs, input_X));
TEST_EQUAL(0, mbedtls_mpi_mod_raw_modulus_to_canonical_rep(A, &N));
ASSERT_COMPARE(A, A_limbs * sizeof(mbedtls_mpi_uint),
X, X_limbs * sizeof(mbedtls_mpi_uint));
TEST_MEMORY_COMPARE(A, A_limbs * sizeof(mbedtls_mpi_uint),
X, X_limbs * sizeof(mbedtls_mpi_uint));
exit:
mbedtls_test_mpi_mod_modulus_free_with_limbs(&N);
@ -718,25 +718,25 @@ void mpi_mod_raw_to_mont_rep(char *input_N, char *input_A, char *input_X)
/* It has separate output, and requires temporary working storage */
size_t temp_limbs = mbedtls_mpi_core_montmul_working_limbs(limbs);
ASSERT_ALLOC(T, temp_limbs);
ASSERT_ALLOC(R, limbs);
TEST_CALLOC(T, temp_limbs);
TEST_CALLOC(R, limbs);
mbedtls_mpi_core_to_mont_rep(R, A, N, n_limbs,
m.rep.mont.mm, m.rep.mont.rr, T);
/* Test that the low-level function gives the required value */
ASSERT_COMPARE(R, bytes, X, bytes);
TEST_MEMORY_COMPARE(R, bytes, X, bytes);
/* Test when output is aliased to input */
memcpy(R, A, bytes);
mbedtls_mpi_core_to_mont_rep(R, R, N, n_limbs,
m.rep.mont.mm, m.rep.mont.rr, T);
ASSERT_COMPARE(R, bytes, X, bytes);
TEST_MEMORY_COMPARE(R, bytes, X, bytes);
/* 2. Test higher-level cannonical to Montgomery conversion */
TEST_EQUAL(0, mbedtls_mpi_mod_raw_to_mont_rep(A, &m));
/* The result matches expected value */
ASSERT_COMPARE(A, bytes, X, bytes);
TEST_MEMORY_COMPARE(A, bytes, X, bytes);
exit:
mbedtls_mpi_mod_modulus_free(&m);
@ -782,25 +782,25 @@ void mpi_mod_raw_from_mont_rep(char *input_N, char *input_A, char *input_X)
/* It has separate output, and requires temporary working storage */
size_t temp_limbs = mbedtls_mpi_core_montmul_working_limbs(limbs);
ASSERT_ALLOC(T, temp_limbs);
ASSERT_ALLOC(R, limbs);
TEST_CALLOC(T, temp_limbs);
TEST_CALLOC(R, limbs);
mbedtls_mpi_core_from_mont_rep(R, A, N, n_limbs,
m.rep.mont.mm, T);
/* Test that the low-level function gives the required value */
ASSERT_COMPARE(R, bytes, X, bytes);
TEST_MEMORY_COMPARE(R, bytes, X, bytes);
/* Test when output is aliased to input */
memcpy(R, A, bytes);
mbedtls_mpi_core_from_mont_rep(R, R, N, n_limbs,
m.rep.mont.mm, T);
ASSERT_COMPARE(R, bytes, X, bytes);
TEST_MEMORY_COMPARE(R, bytes, X, bytes);
/* 2. Test higher-level Montgomery to cannonical conversion */
TEST_EQUAL(0, mbedtls_mpi_mod_raw_from_mont_rep(A, &m));
/* The result matches expected value */
ASSERT_COMPARE(A, bytes, X, bytes);
TEST_MEMORY_COMPARE(A, bytes, X, bytes);
exit:
mbedtls_mpi_mod_modulus_free(&m);
@ -834,26 +834,26 @@ void mpi_mod_raw_neg(char *input_N, char *input_A, char *input_X)
TEST_EQUAL(x_limbs, n_limbs);
bytes = n_limbs * sizeof(mbedtls_mpi_uint);
ASSERT_ALLOC(R, n_limbs);
ASSERT_ALLOC(Z, n_limbs);
TEST_CALLOC(R, n_limbs);
TEST_CALLOC(Z, n_limbs);
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
/* Neg( A == 0 ) => Zero result */
mbedtls_mpi_mod_raw_neg(R, Z, &m);
ASSERT_COMPARE(R, bytes, Z, bytes);
TEST_MEMORY_COMPARE(R, bytes, Z, bytes);
/* Neg( A == N ) => Zero result */
mbedtls_mpi_mod_raw_neg(R, N, &m);
ASSERT_COMPARE(R, bytes, Z, bytes);
TEST_MEMORY_COMPARE(R, bytes, Z, bytes);
/* Neg( A ) => Correct result */
mbedtls_mpi_mod_raw_neg(R, A, &m);
ASSERT_COMPARE(R, bytes, X, bytes);
TEST_MEMORY_COMPARE(R, bytes, X, bytes);
/* Neg( A ): alias A to R => Correct result */
mbedtls_mpi_mod_raw_neg(A, A, &m);
ASSERT_COMPARE(A, bytes, X, bytes);
TEST_MEMORY_COMPARE(A, bytes, X, bytes);
exit:
mbedtls_mpi_mod_modulus_free(&m);
mbedtls_free(N);

56
tests/suites/test_suite_bignum_random.function
View File

@ -124,9 +124,9 @@ void mpi_core_random_basic(int min, char *bound_bytes, int expected_ret)
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&upper_bound, &limbs,
bound_bytes));
ASSERT_ALLOC(lower_bound, limbs);
TEST_CALLOC(lower_bound, limbs);
lower_bound[0] = min;
ASSERT_ALLOC(result, limbs);
TEST_CALLOC(result, limbs);
TEST_EQUAL(expected_ret,
mbedtls_mpi_core_random(result, min, upper_bound, limbs,
@ -134,7 +134,7 @@ void mpi_core_random_basic(int min, char *bound_bytes, int expected_ret)
if (expected_ret == 0) {
TEST_EQUAL(0, mbedtls_mpi_core_lt_ct(result, lower_bound, limbs));
TEST_EQUAL(1, mbedtls_mpi_core_lt_ct(result, upper_bound, limbs));
TEST_ASSERT(0 != mbedtls_mpi_core_lt_ct(result, upper_bound, limbs));
}
exit:
@ -159,7 +159,7 @@ void mpi_legacy_random_values(int min, char *max_hex)
TEST_EQUAL(0, mbedtls_test_read_mpi(&max_legacy, max_hex));
size_t limbs = max_legacy.n;
ASSERT_ALLOC(R_core, limbs);
TEST_CALLOC(R_core, limbs);
/* Call the legacy function and the core function with the same random
* stream. */
@ -174,16 +174,16 @@ void mpi_legacy_random_values(int min, char *max_hex)
* same number, with the same limb count. */
TEST_EQUAL(core_ret, legacy_ret);
if (core_ret == 0) {
ASSERT_COMPARE(R_core, limbs * ciL,
R_legacy.p, R_legacy.n * ciL);
TEST_MEMORY_COMPARE(R_core, limbs * ciL,
R_legacy.p, R_legacy.n * ciL);
}
/* Also check that they have consumed the RNG in the same way. */
/* This may theoretically fail on rare platforms with padding in
* the structure! If this is a problem in practice, change to a
* field-by-field comparison. */
ASSERT_COMPARE(&rnd_core, sizeof(rnd_core),
&rnd_legacy, sizeof(rnd_legacy));
TEST_MEMORY_COMPARE(&rnd_core, sizeof(rnd_core),
&rnd_legacy, sizeof(rnd_legacy));
exit:
mbedtls_mpi_free(&max_legacy);
@ -192,7 +192,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_WITH_MPI_UINT */
void mpi_mod_random_values(int min, char *max_hex, int rep)
{
/* Same RNG as in mpi_core_random_basic */
@ -209,9 +209,9 @@ void mpi_mod_random_values(int min, char *max_hex, int rep)
mbedtls_mpi_mod_modulus_init(&N);
TEST_EQUAL(mbedtls_test_read_mpi_modulus(&N, max_hex, rep), 0);
ASSERT_ALLOC(R_core, N.limbs);
ASSERT_ALLOC(R_mod_raw, N.limbs);
ASSERT_ALLOC(R_mod_digits, N.limbs);
TEST_CALLOC(R_core, N.limbs);
TEST_CALLOC(R_mod_raw, N.limbs);
TEST_CALLOC(R_mod_digits, N.limbs);
TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&R_mod, &N,
R_mod_digits, N.limbs),
0);
@ -237,22 +237,22 @@ void mpi_mod_random_values(int min, char *max_hex, int rep)
if (core_ret == 0) {
TEST_EQUAL(mbedtls_mpi_mod_raw_modulus_to_canonical_rep(R_mod_raw, &N),
0);
ASSERT_COMPARE(R_core, N.limbs * ciL,
R_mod_raw, N.limbs * ciL);
TEST_MEMORY_COMPARE(R_core, N.limbs * ciL,
R_mod_raw, N.limbs * ciL);
TEST_EQUAL(mbedtls_mpi_mod_raw_modulus_to_canonical_rep(R_mod_digits, &N),
0);
ASSERT_COMPARE(R_core, N.limbs * ciL,
R_mod_digits, N.limbs * ciL);
TEST_MEMORY_COMPARE(R_core, N.limbs * ciL,
R_mod_digits, N.limbs * ciL);
}
/* Also check that they have consumed the RNG in the same way. */
/* This may theoretically fail on rare platforms with padding in
* the structure! If this is a problem in practice, change to a
* field-by-field comparison. */
ASSERT_COMPARE(&rnd_core, sizeof(rnd_core),
&rnd_mod_raw, sizeof(rnd_mod_raw));
ASSERT_COMPARE(&rnd_core, sizeof(rnd_core),
&rnd_mod, sizeof(rnd_mod));
TEST_MEMORY_COMPARE(&rnd_core, sizeof(rnd_core),
&rnd_mod_raw, sizeof(rnd_mod_raw));
TEST_MEMORY_COMPARE(&rnd_core, sizeof(rnd_core),
&rnd_mod, sizeof(rnd_mod));
exit:
mbedtls_test_mpi_mod_modulus_free_with_limbs(&N);
@ -287,7 +287,7 @@ void mpi_random_many(int min, char *bound_hex, int iterations)
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&upper_bound, &limbs,
bound_hex));
ASSERT_ALLOC(result, limbs);
TEST_CALLOC(result, limbs);
n_bits = mbedtls_mpi_core_bitlen(upper_bound, limbs);
/* Consider a bound "small" if it's less than 2^5. This value is chosen
@ -302,7 +302,7 @@ void mpi_random_many(int min, char *bound_hex, int iterations)
full_stats = 0;
stats_len = n_bits;
}
ASSERT_ALLOC(stats, stats_len);
TEST_CALLOC(stats, stats_len);
for (i = 0; i < (size_t) iterations; i++) {
mbedtls_test_set_step(i);
@ -340,7 +340,7 @@ void mpi_random_many(int min, char *bound_hex, int iterations)
}
} else {
bound_bytes.len = limbs * sizeof(mbedtls_mpi_uint);
ASSERT_ALLOC(bound_bytes.x, bound_bytes.len);
TEST_CALLOC(bound_bytes.x, bound_bytes.len);
mbedtls_mpi_core_write_be(upper_bound, limbs,
bound_bytes.x, bound_bytes.len);
int statistically_safe_all_the_way =
@ -403,7 +403,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_WITH_MPI_UINT */
void mpi_mod_random_validation(int min, char *bound_hex,
int result_limbs_delta,
int expected_ret)
@ -416,7 +416,7 @@ void mpi_mod_random_validation(int min, char *bound_hex,
MBEDTLS_MPI_MOD_REP_OPT_RED),
0);
size_t result_limbs = N.limbs + result_limbs_delta;
ASSERT_ALLOC(result_digits, result_limbs);
TEST_CALLOC(result_digits, result_limbs);
/* Build a reside that might not match the modulus, to test that
* the library function rejects that as expected. */
mbedtls_mpi_mod_residue result = { result_digits, result_limbs };
@ -429,8 +429,7 @@ void mpi_mod_random_validation(int min, char *bound_hex,
* size as the modulus, otherwise it's a mistake in the test data. */
TEST_EQUAL(result_limbs, N.limbs);
/* Sanity check: check that the result is in range */
TEST_EQUAL(mbedtls_mpi_core_lt_ct(result_digits, N.p, N.limbs),
1);
TEST_ASSERT(0 != mbedtls_mpi_core_lt_ct(result_digits, N.p, N.limbs));
/* Check result >= min (changes result) */
TEST_EQUAL(mbedtls_mpi_core_sub_int(result_digits, result_digits, min,
result_limbs),
@ -444,8 +443,7 @@ void mpi_mod_random_validation(int min, char *bound_hex,
mbedtls_test_rnd_std_rand, NULL),
expected_ret);
if (expected_ret == 0) {
TEST_EQUAL(mbedtls_mpi_core_lt_ct(result_digits, N.p, N.limbs),
1);
TEST_ASSERT(0 != mbedtls_mpi_core_lt_ct(result_digits, N.p, N.limbs));
TEST_EQUAL(mbedtls_mpi_core_sub_int(result_digits, result.p, min,
result_limbs),
0);

72
tests/suites/test_suite_ccm.function
View File

@ -32,25 +32,25 @@ static int check_multipart(mbedtls_ccm_context *ctx,
/* Allocate a tight buffer for each update call. This way, if the function
* tries to write beyond the advertised required buffer size, this will
* count as an overflow for memory sanitizers and static checkers. */
ASSERT_ALLOC(output, n1);
TEST_CALLOC(output, n1);
olen = 0xdeadbeef;
TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x, n1, output, n1, &olen));
TEST_EQUAL(n1, olen);
ASSERT_COMPARE(output, olen, expected_output->x, n1);
TEST_MEMORY_COMPARE(output, olen, expected_output->x, n1);
mbedtls_free(output);
output = NULL;
ASSERT_ALLOC(output, n2);
TEST_CALLOC(output, n2);
olen = 0xdeadbeef;
TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x + n1, n2, output, n2, &olen));
TEST_EQUAL(n2, olen);
ASSERT_COMPARE(output, olen, expected_output->x + n1, n2);
TEST_MEMORY_COMPARE(output, olen, expected_output->x + n1, n2);
mbedtls_free(output);
output = NULL;
ASSERT_ALLOC(output, tag->len);
TEST_CALLOC(output, tag->len);
TEST_EQUAL(0, mbedtls_ccm_finish(ctx, output, tag->len));
ASSERT_COMPARE(output, tag->len, tag->x, tag->len);
TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
mbedtls_free(output);
output = NULL;
@ -107,7 +107,7 @@ void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res)
mbedtls_ccm_init(&ctx);
ASSERT_ALLOC_WEAK(add, add_len);
TEST_CALLOC_OR_SKIP(add, add_len);
memset(key, 0, sizeof(key));
memset(msg, 0, sizeof(msg));
memset(iv, 0, sizeof(iv));
@ -190,13 +190,13 @@ void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key,
const uint8_t *expected_tag = result->x + msg->len;
/* Prepare input/output message buffer */
ASSERT_ALLOC(io_msg_buf, msg->len);
TEST_CALLOC(io_msg_buf, msg->len);
if (msg->len != 0) {
memcpy(io_msg_buf, msg->x, msg->len);
}
/* Prepare tag buffer */
ASSERT_ALLOC(tag_buf, expected_tag_len);
TEST_CALLOC(tag_buf, expected_tag_len);
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
@ -204,8 +204,8 @@ void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key,
TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len,
io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), 0);
ASSERT_COMPARE(io_msg_buf, msg->len, result->x, msg->len);
ASSERT_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len);
TEST_MEMORY_COMPARE(io_msg_buf, msg->len, result->x, msg->len);
TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len);
/* Prepare data_t structures for multipart testing */
const data_t encrypted_expected = { .x = result->x,
@ -246,10 +246,10 @@ void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key,
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0));
ASSERT_ALLOC(output, msg->len);
TEST_CALLOC(output, msg->len);
TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
TEST_EQUAL(result->len, olen);
ASSERT_COMPARE(output, olen, result->x, result->len);
TEST_MEMORY_COMPARE(output, olen, result->x, result->len);
TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, NULL, 0));
exit:
@ -272,7 +272,7 @@ void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key,
/* Prepare input/output message buffer */
uint8_t *io_msg_buf = NULL;
ASSERT_ALLOC(io_msg_buf, expected_msg_len);
TEST_CALLOC(io_msg_buf, expected_msg_len);
if (expected_msg_len) {
memcpy(io_msg_buf, msg->x, expected_msg_len);
}
@ -285,7 +285,7 @@ void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key,
result);
if (result == 0) {
ASSERT_COMPARE(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len);
TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len);
/* Prepare data_t structures for multipart testing */
const data_t encrypted = { .x = msg->x,
@ -344,16 +344,16 @@ void mbedtls_ccm_star_encrypt_and_tag(int cipher_id,
}
/* Prepare input/output message buffer */
ASSERT_ALLOC(io_msg_buf, msg->len);
TEST_CALLOC(io_msg_buf, msg->len);
if (msg->len) {
memcpy(io_msg_buf, msg->x, msg->len);
}
/* Prepare tag buffer */
if (expected_tag_len == 0) {
ASSERT_ALLOC(tag_buf, 16);
TEST_CALLOC(tag_buf, 16);
} else {
ASSERT_ALLOC(tag_buf, expected_tag_len);
TEST_CALLOC(tag_buf, expected_tag_len);
}
/* Calculate iv */
@ -372,8 +372,8 @@ void mbedtls_ccm_star_encrypt_and_tag(int cipher_id,
add->x, add->len, io_msg_buf,
io_msg_buf, tag_buf, expected_tag_len), output_ret);
ASSERT_COMPARE(io_msg_buf, msg->len, expected_result->x, msg->len);
ASSERT_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len);
TEST_MEMORY_COMPARE(io_msg_buf, msg->len, expected_result->x, msg->len);
TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len);
if (output_ret == 0) {
const data_t iv_data = { .x = iv,
@ -429,7 +429,7 @@ void mbedtls_ccm_star_auth_decrypt(int cipher_id,
/* Prepare input/output message buffer */
uint8_t *io_msg_buf = NULL;
ASSERT_ALLOC(io_msg_buf, expected_msg_len);
TEST_CALLOC(io_msg_buf, expected_msg_len);
if (expected_msg_len) {
memcpy(io_msg_buf, msg->x, expected_msg_len);
}
@ -450,7 +450,7 @@ void mbedtls_ccm_star_auth_decrypt(int cipher_id,
add->x, add->len, io_msg_buf, io_msg_buf,
expected_tag, expected_tag_len), output_ret);
ASSERT_COMPARE(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len);
TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len);
if (output_ret == 0) {
const data_t iv_data = { .x = iv,
@ -500,17 +500,17 @@ void mbedtls_ccm_skip_ad(int cipher_id, int mode,
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len));
ASSERT_ALLOC(output, result->len);
TEST_CALLOC(output, result->len);
olen = 0xdeadbeef;
TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, result->len, &olen));
TEST_EQUAL(result->len, olen);
ASSERT_COMPARE(output, olen, result->x, result->len);
TEST_MEMORY_COMPARE(output, olen, result->x, result->len);
mbedtls_free(output);
output = NULL;
ASSERT_ALLOC(output, tag->len);
TEST_CALLOC(output, tag->len);
TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len));
ASSERT_COMPARE(output, tag->len, tag->x, tag->len);
TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
mbedtls_free(output);
output = NULL;
@ -536,9 +536,9 @@ void mbedtls_ccm_skip_update(int cipher_id, int mode,
TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
ASSERT_ALLOC(output, tag->len);
TEST_CALLOC(output, tag->len);
TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len));
ASSERT_COMPARE(output, tag->len, tag->x, tag->len);
TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
mbedtls_free(output);
output = NULL;
@ -607,7 +607,7 @@ void mbedtls_ccm_unexpected_text(int cipher_id, int mode,
TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
ASSERT_ALLOC(output, msg->len);
TEST_CALLOC(output, msg->len);
olen = 0xdeadbeef;
TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
@ -633,7 +633,7 @@ void mbedtls_ccm_incomplete_ad(int cipher_id, int mode,
TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1));
ASSERT_ALLOC(output, 16);
TEST_CALLOC(output, 16);
TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
exit:
@ -713,7 +713,7 @@ void mbedtls_ccm_overflow_update(int cipher_id, int mode,
TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
ASSERT_ALLOC(output, msg->len);
TEST_CALLOC(output, msg->len);
TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
exit:
@ -740,13 +740,13 @@ void mbedtls_ccm_incomplete_update(int cipher_id, int mode,
TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
ASSERT_ALLOC(output, msg->len);
TEST_CALLOC(output, msg->len);
olen = 0xdeadbeef;
TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len, &olen));
mbedtls_free(output);
output = NULL;
ASSERT_ALLOC(output, 16);
TEST_CALLOC(output, 16);
TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
exit:
@ -774,7 +774,7 @@ void mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode,
TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
ASSERT_ALLOC(output, msg->len);
TEST_CALLOC(output, msg->len);
// pass full text
TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
// pass 1 extra byte
@ -809,7 +809,7 @@ void mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode,
TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
ASSERT_ALLOC(output, msg->len + 1);
TEST_CALLOC(output, msg->len + 1);
// pass incomplete text
TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen));
// pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte)
@ -836,7 +836,7 @@ void mbedtls_ccm_instant_finish(int cipher_id, int mode,
// They are not a part of this test
TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 16, 16, 16));
ASSERT_ALLOC(output, 16);
TEST_CALLOC(output, 16);
TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
exit:

12
tests/suites/test_suite_chacha20.function
View File

@ -29,8 +29,8 @@ void chacha20_crypt(data_t *key_str,
TEST_ASSERT(mbedtls_chacha20_crypt(key_str->x, nonce_str->x, counter, src_str->len, src_str->x,
output) == 0);
ASSERT_COMPARE(output, expected_output_str->len,
expected_output_str->x, expected_output_str->len);
TEST_MEMORY_COMPARE(output, expected_output_str->len,
expected_output_str->x, expected_output_str->len);
/*
* Test the streaming API
@ -44,8 +44,8 @@ void chacha20_crypt(data_t *key_str,
memset(output, 0x00, sizeof(output));
TEST_ASSERT(mbedtls_chacha20_update(&ctx, src_str->len, src_str->x, output) == 0);
ASSERT_COMPARE(output, expected_output_str->len,
expected_output_str->x, expected_output_str->len);
TEST_MEMORY_COMPARE(output, expected_output_str->len,
expected_output_str->x, expected_output_str->len);
/*
* Test the streaming API again, piecewise
@ -60,8 +60,8 @@ void chacha20_crypt(data_t *key_str,
TEST_ASSERT(mbedtls_chacha20_update(&ctx, src_str->len - 1,
src_str->x + 1, output + 1) == 0);
ASSERT_COMPARE(output, expected_output_str->len,
expected_output_str->x, expected_output_str->len);
TEST_MEMORY_COMPARE(output, expected_output_str->len,
expected_output_str->x, expected_output_str->len);
mbedtls_chacha20_free(&ctx);
}

14
tests/suites/test_suite_cipher.function
View File

@ -586,7 +586,7 @@ void dec_empty_buf(int cipher,
iv_len = 12;
}
ASSERT_ALLOC(iv, iv_len);
TEST_CALLOC(iv, iv_len);
memset(iv, 0, iv_len);
TEST_ASSERT(sizeof(key) * 8 >= mbedtls_cipher_info_get_key_bitlen(cipher_info));
@ -908,7 +908,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv,
* (we need the tag appended to the ciphertext)
*/
cipher_plus_tag_len = cipher->len + tag->len;
ASSERT_ALLOC(cipher_plus_tag, cipher_plus_tag_len);
TEST_CALLOC(cipher_plus_tag, cipher_plus_tag_len);
memcpy(cipher_plus_tag, cipher->x, cipher->len);
memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len);
@ -926,7 +926,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv,
* Try decrypting to a buffer that's 1B too small
*/
if (decrypt_buf_len != 0) {
ASSERT_ALLOC(decrypt_buf, decrypt_buf_len - 1);
TEST_CALLOC(decrypt_buf, decrypt_buf_len - 1);
outlen = 0;
ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len,
@ -941,7 +941,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv,
/*
* Authenticate and decrypt, and check result
*/
ASSERT_ALLOC(decrypt_buf, decrypt_buf_len);
TEST_CALLOC(decrypt_buf, decrypt_buf_len);
outlen = 0;
ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len,
@ -953,7 +953,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv,
TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len));
} else {
TEST_ASSERT(ret == 0);
ASSERT_COMPARE(decrypt_buf, outlen, clear->x, clear->len);
TEST_MEMORY_COMPARE(decrypt_buf, outlen, clear->x, clear->len);
}
mbedtls_free(decrypt_buf);
@ -984,7 +984,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv,
/*
* Try encrypting with an output buffer that's 1B too small
*/
ASSERT_ALLOC(encrypt_buf, encrypt_buf_len - 1);
TEST_CALLOC(encrypt_buf, encrypt_buf_len - 1);
outlen = 0;
ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len,
@ -998,7 +998,7 @@ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv,
/*
* Encrypt and check the result
*/
ASSERT_ALLOC(encrypt_buf, encrypt_buf_len);
TEST_CALLOC(encrypt_buf, encrypt_buf_len);
outlen = 0;
ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len,

20
tests/suites/test_suite_common.function
View File

@ -17,10 +17,10 @@ void mbedtls_xor(int len)
{
size_t n = (size_t) len;
unsigned char *a = NULL, *b = NULL, *r1 = NULL, *r2 = NULL;
ASSERT_ALLOC(a, n + 1);
ASSERT_ALLOC(b, n + 1);
ASSERT_ALLOC(r1, n + 1);
ASSERT_ALLOC(r2, n + 1);
TEST_CALLOC(a, n + 1);
TEST_CALLOC(b, n + 1);
TEST_CALLOC(r1, n + 1);
TEST_CALLOC(r2, n + 1);
/* Test non-overlapping */
fill_arrays(a, b, r1, r2, n);
@ -28,7 +28,7 @@ void mbedtls_xor(int len)
r1[i] = a[i] ^ b[i];
}
mbedtls_xor(r2, a, b, n);
ASSERT_COMPARE(r1, n, r2, n);
TEST_MEMORY_COMPARE(r1, n, r2, n);
/* Test r == a */
fill_arrays(a, b, r1, r2, n);
@ -36,7 +36,7 @@ void mbedtls_xor(int len)
r1[i] = r1[i] ^ b[i];
}
mbedtls_xor(r2, r2, b, n);
ASSERT_COMPARE(r1, n, r2, n);
TEST_MEMORY_COMPARE(r1, n, r2, n);
/* Test r == b */
fill_arrays(a, b, r1, r2, n);
@ -44,7 +44,7 @@ void mbedtls_xor(int len)
r1[i] = a[i] ^ r1[i];
}
mbedtls_xor(r2, a, r2, n);
ASSERT_COMPARE(r1, n, r2, n);
TEST_MEMORY_COMPARE(r1, n, r2, n);
/* Test a == b */
fill_arrays(a, b, r1, r2, n);
@ -52,7 +52,7 @@ void mbedtls_xor(int len)
r1[i] = a[i] ^ a[i];
}
mbedtls_xor(r2, a, a, n);
ASSERT_COMPARE(r1, n, r2, n);
TEST_MEMORY_COMPARE(r1, n, r2, n);
/* Test a == b == r */
fill_arrays(a, b, r1, r2, n);
@ -60,7 +60,7 @@ void mbedtls_xor(int len)
r1[i] = r1[i] ^ r1[i];
}
mbedtls_xor(r2, r2, r2, n);
ASSERT_COMPARE(r1, n, r2, n);
TEST_MEMORY_COMPARE(r1, n, r2, n);
/* Test non-word-aligned buffers, for all combinations of alignedness */
for (int i = 0; i < 7; i++) {
@ -71,7 +71,7 @@ void mbedtls_xor(int len)
r1[j + r_off] = a[j + a_off] ^ b[j + b_off];
}
mbedtls_xor(r2 + r_off, a + a_off, b + b_off, n);
ASSERT_COMPARE(r1 + r_off, n, r2 + r_off, n);
TEST_MEMORY_COMPARE(r1 + r_off, n, r2 + r_off, n);
}
exit:
mbedtls_free(a);

630
tests/suites/test_suite_constant_time.data
View File

@ -1,14 +1,14 @@
# these are the numbers we'd get with an empty plaintext and truncated HMAC
Constant-flow memcpy from offset: small
ssl_cf_memcpy_offset:0:5:10
mbedtls_ct_memcpy_offset:0:5:10
# we could get this with 255-bytes plaintext and untruncated SHA-256
Constant-flow memcpy from offset: medium
ssl_cf_memcpy_offset:0:255:32
mbedtls_ct_memcpy_offset:0:255:32
# we could get this with 255-bytes plaintext and untruncated SHA-384
Constant-flow memcpy from offset: large
ssl_cf_memcpy_offset:100:339:48
mbedtls_ct_memcpy_offset:100:339:48
mbedtls_ct_memcmp NULL
mbedtls_ct_memcmp_null
@ -91,47 +91,611 @@ mbedtls_ct_memcmp:-1:17:2
mbedtls_ct_memcmp len 17 offset 3
mbedtls_ct_memcmp:-1:17:3
mbedtls_ct_memcpy_if_eq len 1 offset 0
mbedtls_ct_memcpy_if_eq:1:1:0
mbedtls_ct_memcpy_if len 1 offset 0
mbedtls_ct_memcpy_if:1:1:0
mbedtls_ct_memcpy_if_eq len 1 offset 1
mbedtls_ct_memcpy_if_eq:1:1:1
mbedtls_ct_memcpy_if len 1 offset 1
mbedtls_ct_memcpy_if:1:1:1
mbedtls_ct_memcpy_if_eq len 4 offset 0
mbedtls_ct_memcpy_if_eq:1:1:0
mbedtls_ct_memcpy_if len 4 offset 0
mbedtls_ct_memcpy_if:1:1:0
mbedtls_ct_memcpy_if_eq len 4 offset 1
mbedtls_ct_memcpy_if_eq:1:1:1
mbedtls_ct_memcpy_if len 4 offset 1
mbedtls_ct_memcpy_if:1:1:1
mbedtls_ct_memcpy_if_eq len 4 offset 2
mbedtls_ct_memcpy_if_eq:1:1:2
mbedtls_ct_memcpy_if len 4 offset 2
mbedtls_ct_memcpy_if:1:1:2
mbedtls_ct_memcpy_if_eq len 4 offset 3
mbedtls_ct_memcpy_if_eq:1:1:3
mbedtls_ct_memcpy_if len 4 offset 3
mbedtls_ct_memcpy_if:1:1:3
mbedtls_ct_memcpy_if_eq len 15 offset 0
mbedtls_ct_memcpy_if_eq:1:15:0
mbedtls_ct_memcpy_if len 15 offset 0
mbedtls_ct_memcpy_if:1:15:0
mbedtls_ct_memcpy_if_eq len 15 offset 1
mbedtls_ct_memcpy_if_eq:1:15:1
mbedtls_ct_memcpy_if len 15 offset 1
mbedtls_ct_memcpy_if:1:15:1
mbedtls_ct_memcpy_if_eq len 16 offset 0
mbedtls_ct_memcpy_if_eq:1:16:0
mbedtls_ct_memcpy_if len 16 offset 0
mbedtls_ct_memcpy_if:1:16:0
mbedtls_ct_memcpy_if_eq len 16 offset 1
mbedtls_ct_memcpy_if_eq:1:16:1
mbedtls_ct_memcpy_if len 16 offset 1
mbedtls_ct_memcpy_if:1:16:1
mbedtls_ct_memcpy_if_eq len 17 offset 0
mbedtls_ct_memcpy_if_eq:1:17:0
mbedtls_ct_memcpy_if len 17 offset 0
mbedtls_ct_memcpy_if:1:17:0
mbedtls_ct_memcpy_if_eq len 17 offset 1
mbedtls_ct_memcpy_if_eq:1:17:1
mbedtls_ct_memcpy_if len 17 offset 1
mbedtls_ct_memcpy_if:1:17:1
mbedtls_ct_memcpy_if_eq len 0 not eq
mbedtls_ct_memcpy_if_eq:0:17:0
mbedtls_ct_memcpy_if len 0 not eq
mbedtls_ct_memcpy_if:0:17:0
mbedtls_ct_memcpy_if_eq len 5 offset 1 not eq
mbedtls_ct_memcpy_if_eq:0:5:1
mbedtls_ct_memcpy_if len 5 offset 1 not eq
mbedtls_ct_memcpy_if:0:5:1
mbedtls_ct_memcpy_if_eq len 17 offset 3 not eq
mbedtls_ct_memcpy_if_eq:0:17:3
mbedtls_ct_memcpy_if len 17 offset 3 not eq
mbedtls_ct_memcpy_if:0:17:3
mbedtls_ct_bool 0
mbedtls_ct_bool:"0x0"
mbedtls_ct_bool 1
mbedtls_ct_bool:"0x1"
mbedtls_ct_bool 4
mbedtls_ct_bool:"0x4"
mbedtls_ct_bool 0xfffffff
mbedtls_ct_bool:"0xfffffff"
mbedtls_ct_bool 0x7fffffff
mbedtls_ct_bool:"0x7fffffff"
mbedtls_ct_bool 0xfffffffe
mbedtls_ct_bool:"0xfffffffe"
mbedtls_ct_bool 0xffffffff
mbedtls_ct_bool:"0xffffffff"
mbedtls_ct_bool 0x0fffffffffffffff
mbedtls_ct_bool:"0x0fffffffffffffff"
mbedtls_ct_bool 0x7fffffffffffffff
mbedtls_ct_bool:"0x7fffffffffffffff"
mbedtls_ct_bool 0xffffffffffffffff
mbedtls_ct_bool:"0xffffffffffffffff"
mbedtls_ct_bool_xxx 0x0 0x0
mbedtls_ct_bool_xxx:"0x0":"0x0"
mbedtls_ct_bool_xxx 0x0 0x1
mbedtls_ct_bool_xxx:"0x0":"0x1"
mbedtls_ct_bool_xxx 0x0 0x7fffffff
mbedtls_ct_bool_xxx:"0x0":"0x7fffffff"
mbedtls_ct_bool_xxx 0x0 0xffffffff
mbedtls_ct_bool_xxx:"0x0":"0xffffffff"
mbedtls_ct_bool_xxx 0x0 0x7fffffffffffffff
mbedtls_ct_bool_xxx:"0x0":"0x7fffffffffffffff"
mbedtls_ct_bool_xxx 0x0 0xffffffffffffffff
mbedtls_ct_bool_xxx:"0x0":"0xffffffffffffffff"
mbedtls_ct_bool_xxx 0x1 0x0
mbedtls_ct_bool_xxx:"0x1":"0x0"
mbedtls_ct_bool_xxx 0x1 0x1
mbedtls_ct_bool_xxx:"0x1":"0x1"
mbedtls_ct_bool_xxx 0x1 0x7fffffff
mbedtls_ct_bool_xxx:"0x1":"0x7fffffff"
mbedtls_ct_bool_xxx 0x1 0xffffffff
mbedtls_ct_bool_xxx:"0x1":"0xffffffff"
mbedtls_ct_bool_xxx 0x1 0x7fffffffffffffff
mbedtls_ct_bool_xxx:"0x1":"0x7fffffffffffffff"
mbedtls_ct_bool_xxx 0x1 0xffffffffffffffff
mbedtls_ct_bool_xxx:"0x1":"0xffffffffffffffff"
mbedtls_ct_bool_xxx 0x7fffffff 0x0
mbedtls_ct_bool_xxx:"0x7fffffff":"0x0"
mbedtls_ct_bool_xxx 0x7fffffff 0x1
mbedtls_ct_bool_xxx:"0x7fffffff":"0x1"
mbedtls_ct_bool_xxx 0x7fffffff 0x7fffffff
mbedtls_ct_bool_xxx:"0x7fffffff":"0x7fffffff"
mbedtls_ct_bool_xxx 0x7fffffff 0xffffffff
mbedtls_ct_bool_xxx:"0x7fffffff":"0xffffffff"
mbedtls_ct_bool_xxx 0x7fffffff 0x7fffffffffffffff
mbedtls_ct_bool_xxx:"0x7fffffff":"0x7fffffffffffffff"
mbedtls_ct_bool_xxx 0x7fffffff 0xffffffffffffffff
mbedtls_ct_bool_xxx:"0x7fffffff":"0xffffffffffffffff"
mbedtls_ct_bool_xxx 0xffffffff 0x0
mbedtls_ct_bool_xxx:"0xffffffff":"0x0"
mbedtls_ct_bool_xxx 0xffffffff 0x1
mbedtls_ct_bool_xxx:"0xffffffff":"0x1"
mbedtls_ct_bool_xxx 0xffffffff 0x7fffffff
mbedtls_ct_bool_xxx:"0xffffffff":"0x7fffffff"
mbedtls_ct_bool_xxx 0xffffffff 0xffffffff
mbedtls_ct_bool_xxx:"0xffffffff":"0xffffffff"
mbedtls_ct_bool_xxx 0xffffffff 0x7fffffffffffffff
mbedtls_ct_bool_xxx:"0xffffffff":"0x7fffffffffffffff"
mbedtls_ct_bool_xxx 0xffffffff 0xffffffffffffffff
mbedtls_ct_bool_xxx:"0xffffffff":"0xffffffffffffffff"
mbedtls_ct_bool_xxx 0x7fffffffffffffff 0x0
mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0x0"
mbedtls_ct_bool_xxx 0x7fffffffffffffff 0x1
mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0x1"
mbedtls_ct_bool_xxx 0x7fffffffffffffff 0x7fffffff
mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0x7fffffff"
mbedtls_ct_bool_xxx 0x7fffffffffffffff 0xffffffff
mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0xffffffff"
mbedtls_ct_bool_xxx 0x7fffffffffffffff 0x7fffffffffffffff
mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0x7fffffffffffffff"
mbedtls_ct_bool_xxx 0x7fffffffffffffff 0xffffffffffffffff
mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0xffffffffffffffff"
mbedtls_ct_bool_xxx 0xffffffffffffffff 0x0
mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0x0"
mbedtls_ct_bool_xxx 0xffffffffffffffff 0x1
mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0x1"
mbedtls_ct_bool_xxx 0xffffffffffffffff 0x7fffffff
mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0x7fffffff"
mbedtls_ct_bool_xxx 0xffffffffffffffff 0xffffffff
mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0xffffffff"
mbedtls_ct_bool_xxx 0xffffffffffffffff 0x7fffffffffffffff
mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0x7fffffffffffffff"
mbedtls_ct_bool_xxx 0xffffffffffffffff 0xffffffffffffffff
mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0xffffffffffffffff"
mbedtls_ct_bool_xxx 138 256
mbedtls_ct_bool_xxx:"138":"256"
mbedtls_ct_bool_xxx 256 138
mbedtls_ct_bool_xxx:"256":"138"
mbedtls_ct_bool_xxx 6 6
mbedtls_ct_bool_xxx:"0x6":"0x6"
mbedtls_ct_uchar_in_range_if 0 0 0
mbedtls_ct_uchar_in_range_if:0:0:0
mbedtls_ct_uchar_in_range_if 0 0 100
mbedtls_ct_uchar_in_range_if:0:0:100
mbedtls_ct_uchar_in_range_if 0 0 255
mbedtls_ct_uchar_in_range_if:0:0:255
mbedtls_ct_uchar_in_range_if 0 65 0
mbedtls_ct_uchar_in_range_if:0:65:0
mbedtls_ct_uchar_in_range_if 0 65 100
mbedtls_ct_uchar_in_range_if:0:65:100
mbedtls_ct_uchar_in_range_if 0 65 255
mbedtls_ct_uchar_in_range_if:0:65:255
mbedtls_ct_uchar_in_range_if 0 90 0
mbedtls_ct_uchar_in_range_if:0:90:0
mbedtls_ct_uchar_in_range_if 0 90 100
mbedtls_ct_uchar_in_range_if:0:90:100
mbedtls_ct_uchar_in_range_if 0 90 255
mbedtls_ct_uchar_in_range_if:0:90:255
mbedtls_ct_uchar_in_range_if 0 255 0
mbedtls_ct_uchar_in_range_if:0:255:0
mbedtls_ct_uchar_in_range_if 0 255 100
mbedtls_ct_uchar_in_range_if:0:255:100
mbedtls_ct_uchar_in_range_if 0 255 255
mbedtls_ct_uchar_in_range_if:0:255:255
mbedtls_ct_uchar_in_range_if 65 0 0
mbedtls_ct_uchar_in_range_if:65:0:0
mbedtls_ct_uchar_in_range_if 65 0 100
mbedtls_ct_uchar_in_range_if:65:0:100
mbedtls_ct_uchar_in_range_if 65 0 255
mbedtls_ct_uchar_in_range_if:65:0:255
mbedtls_ct_uchar_in_range_if 65 65 0
mbedtls_ct_uchar_in_range_if:65:65:0
mbedtls_ct_uchar_in_range_if 65 65 100
mbedtls_ct_uchar_in_range_if:65:65:100
mbedtls_ct_uchar_in_range_if 65 65 255
mbedtls_ct_uchar_in_range_if:65:65:255
mbedtls_ct_uchar_in_range_if 65 90 0
mbedtls_ct_uchar_in_range_if:65:90:0
mbedtls_ct_uchar_in_range_if 65 90 100
mbedtls_ct_uchar_in_range_if:65:90:100
mbedtls_ct_uchar_in_range_if 65 90 255
mbedtls_ct_uchar_in_range_if:65:90:255
mbedtls_ct_uchar_in_range_if 65 255 0
mbedtls_ct_uchar_in_range_if:65:255:0
mbedtls_ct_uchar_in_range_if 65 255 100
mbedtls_ct_uchar_in_range_if:65:255:100
mbedtls_ct_uchar_in_range_if 65 255 255
mbedtls_ct_uchar_in_range_if:65:255:255
mbedtls_ct_uchar_in_range_if 90 0 0
mbedtls_ct_uchar_in_range_if:90:0:0
mbedtls_ct_uchar_in_range_if 90 0 100
mbedtls_ct_uchar_in_range_if:90:0:100
mbedtls_ct_uchar_in_range_if 90 0 255
mbedtls_ct_uchar_in_range_if:90:0:255
mbedtls_ct_uchar_in_range_if 90 65 0
mbedtls_ct_uchar_in_range_if:90:65:0
mbedtls_ct_uchar_in_range_if 90 65 100
mbedtls_ct_uchar_in_range_if:90:65:100
mbedtls_ct_uchar_in_range_if 90 65 255
mbedtls_ct_uchar_in_range_if:90:65:255
mbedtls_ct_uchar_in_range_if 90 90 0
mbedtls_ct_uchar_in_range_if:90:90:0
mbedtls_ct_uchar_in_range_if 90 90 100
mbedtls_ct_uchar_in_range_if:90:90:100
mbedtls_ct_uchar_in_range_if 90 90 255
mbedtls_ct_uchar_in_range_if:90:90:255
mbedtls_ct_uchar_in_range_if 90 255 0
mbedtls_ct_uchar_in_range_if:90:255:0
mbedtls_ct_uchar_in_range_if 90 255 100
mbedtls_ct_uchar_in_range_if:90:255:100
mbedtls_ct_uchar_in_range_if 90 255 255
mbedtls_ct_uchar_in_range_if:90:255:255
mbedtls_ct_uchar_in_range_if 255 0 0
mbedtls_ct_uchar_in_range_if:255:0:0
mbedtls_ct_uchar_in_range_if 255 0 100
mbedtls_ct_uchar_in_range_if:255:0:100
mbedtls_ct_uchar_in_range_if 255 0 255
mbedtls_ct_uchar_in_range_if:255:0:255
mbedtls_ct_uchar_in_range_if 255 65 0
mbedtls_ct_uchar_in_range_if:255:65:0
mbedtls_ct_uchar_in_range_if 255 65 100
mbedtls_ct_uchar_in_range_if:255:65:100
mbedtls_ct_uchar_in_range_if 255 65 255
mbedtls_ct_uchar_in_range_if:255:65:255
mbedtls_ct_uchar_in_range_if 255 90 0
mbedtls_ct_uchar_in_range_if:255:90:0
mbedtls_ct_uchar_in_range_if 255 90 100
mbedtls_ct_uchar_in_range_if:255:90:100
mbedtls_ct_uchar_in_range_if 255 90 255
mbedtls_ct_uchar_in_range_if:255:90:255
mbedtls_ct_uchar_in_range_if 255 255 0
mbedtls_ct_uchar_in_range_if:255:255:0
mbedtls_ct_uchar_in_range_if 255 255 100
mbedtls_ct_uchar_in_range_if:255:255:100
mbedtls_ct_uchar_in_range_if 255 255 255
mbedtls_ct_uchar_in_range_if:255:255:255
mbedtls_ct_if 0x0 0x0 0x0
mbedtls_ct_if:"0x0":"0x0":"0x0"
mbedtls_ct_if 0x0 0x0 0x1
mbedtls_ct_if:"0x0":"0x0":"0x1"
mbedtls_ct_if 0x0 0x0 0x7fffffff
mbedtls_ct_if:"0x0":"0x0":"0x7fffffff"
mbedtls_ct_if 0x0 0x0 0xffffffff
mbedtls_ct_if:"0x0":"0x0":"0xffffffff"
mbedtls_ct_if 0x0 0x0 0x7fffffffffffffff
mbedtls_ct_if:"0x0":"0x0":"0x7fffffffffffffff"
mbedtls_ct_if 0x0 0x0 0xffffffffffffffff
mbedtls_ct_if:"0x0":"0x0":"0xffffffffffffffff"
mbedtls_ct_if 0x0 0x1 0x0
mbedtls_ct_if:"0x0":"0x1":"0x0"
mbedtls_ct_if 0x0 0x1 0x1
mbedtls_ct_if:"0x0":"0x1":"0x1"
mbedtls_ct_if 0x0 0x1 0x7fffffff
mbedtls_ct_if:"0x0":"0x1":"0x7fffffff"
mbedtls_ct_if 0x0 0x1 0xffffffff
mbedtls_ct_if:"0x0":"0x1":"0xffffffff"
mbedtls_ct_if 0x0 0x1 0x7fffffffffffffff
mbedtls_ct_if:"0x0":"0x1":"0x7fffffffffffffff"
mbedtls_ct_if 0x0 0x1 0xffffffffffffffff
mbedtls_ct_if:"0x0":"0x1":"0xffffffffffffffff"
mbedtls_ct_if 0x0 0x7fffffff 0x0
mbedtls_ct_if:"0x0":"0x7fffffff":"0x0"
mbedtls_ct_if 0x0 0x7fffffff 0x1
mbedtls_ct_if:"0x0":"0x7fffffff":"0x1"
mbedtls_ct_if 0x0 0x7fffffff 0x7fffffff
mbedtls_ct_if:"0x0":"0x7fffffff":"0x7fffffff"
mbedtls_ct_if 0x0 0x7fffffff 0xffffffff
mbedtls_ct_if:"0x0":"0x7fffffff":"0xffffffff"
mbedtls_ct_if 0x0 0x7fffffff 0x7fffffffffffffff
mbedtls_ct_if:"0x0":"0x7fffffff":"0x7fffffffffffffff"
mbedtls_ct_if 0x0 0x7fffffff 0xffffffffffffffff
mbedtls_ct_if:"0x0":"0x7fffffff":"0xffffffffffffffff"
mbedtls_ct_if 0x0 0xffffffff 0x0
mbedtls_ct_if:"0x0":"0xffffffff":"0x0"
mbedtls_ct_if 0x0 0xffffffff 0x1
mbedtls_ct_if:"0x0":"0xffffffff":"0x1"
mbedtls_ct_if 0x0 0xffffffff 0x7fffffff
mbedtls_ct_if:"0x0":"0xffffffff":"0x7fffffff"
mbedtls_ct_if 0x0 0xffffffff 0xffffffff
mbedtls_ct_if:"0x0":"0xffffffff":"0xffffffff"
mbedtls_ct_if 0x0 0xffffffff 0x7fffffffffffffff
mbedtls_ct_if:"0x0":"0xffffffff":"0x7fffffffffffffff"
mbedtls_ct_if 0x0 0xffffffff 0xffffffffffffffff
mbedtls_ct_if:"0x0":"0xffffffff":"0xffffffffffffffff"
mbedtls_ct_if 0x0 0x7fffffffffffffff 0x0
mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0x0"
mbedtls_ct_if 0x0 0x7fffffffffffffff 0x1
mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0x1"
mbedtls_ct_if 0x0 0x7fffffffffffffff 0x7fffffff
mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0x7fffffff"
mbedtls_ct_if 0x0 0x7fffffffffffffff 0xffffffff
mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0xffffffff"
mbedtls_ct_if 0x0 0x7fffffffffffffff 0x7fffffffffffffff
mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0x7fffffffffffffff"
mbedtls_ct_if 0x0 0x7fffffffffffffff 0xffffffffffffffff
mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0xffffffffffffffff"
mbedtls_ct_if 0x0 0xffffffffffffffff 0x0
mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0x0"
mbedtls_ct_if 0x0 0xffffffffffffffff 0x1
mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0x1"
mbedtls_ct_if 0x0 0xffffffffffffffff 0x7fffffff
mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0x7fffffff"
mbedtls_ct_if 0x0 0xffffffffffffffff 0xffffffff
mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0xffffffff"
mbedtls_ct_if 0x0 0xffffffffffffffff 0x7fffffffffffffff
mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0x7fffffffffffffff"
mbedtls_ct_if 0x0 0xffffffffffffffff 0xffffffffffffffff
mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0xffffffffffffffff"
mbedtls_ct_if 0xffffffffffffffff 0x0 0x0
mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0x0"
mbedtls_ct_if 0xffffffffffffffff 0x0 0x1
mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0x1"
mbedtls_ct_if 0xffffffffffffffff 0x0 0x7fffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0x7fffffff"
mbedtls_ct_if 0xffffffffffffffff 0x0 0xffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0xffffffff"
mbedtls_ct_if 0xffffffffffffffff 0x0 0x7fffffffffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0x7fffffffffffffff"
mbedtls_ct_if 0xffffffffffffffff 0x0 0xffffffffffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0xffffffffffffffff"
mbedtls_ct_if 0xffffffffffffffff 0x1 0x0
mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0x0"
mbedtls_ct_if 0xffffffffffffffff 0x1 0x1
mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0x1"
mbedtls_ct_if 0xffffffffffffffff 0x1 0x7fffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0x7fffffff"
mbedtls_ct_if 0xffffffffffffffff 0x1 0xffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0xffffffff"
mbedtls_ct_if 0xffffffffffffffff 0x1 0x7fffffffffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0x7fffffffffffffff"
mbedtls_ct_if 0xffffffffffffffff 0x1 0xffffffffffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0xffffffffffffffff"
mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0x0
mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0x0"
mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0x1
mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0x1"
mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0x7fffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0x7fffffff"
mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0xffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0xffffffff"
mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0x7fffffffffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0x7fffffffffffffff"
mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0xffffffffffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0xffffffffffffffff"
mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0x0
mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0x0"
mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0x1
mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0x1"
mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0x7fffffff
mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0x7fffffff"
mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0xffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0xffffffff"
mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0x7fffffffffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0x7fffffffffffffff"
mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0xffffffffffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0xffffffffffffffff"
mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0x0
mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0x0"
mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0x1
mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0x1"
mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0x7fffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0x7fffffff"
mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0xffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0xffffffff"
mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0x7fffffffffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0x7fffffffffffffff"
mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0xffffffffffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0xffffffffffffffff"
mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0x0
mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0x0"
mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0x1
mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0x1"
mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0x7fffffff
mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0x7fffffff"
mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0xffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0xffffffff"
mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0x7fffffffffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0x7fffffffffffffff"
mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0xffffffffffffffff
mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0xffffffffffffffff"
mbedtls_ct_zeroize_if 0x0 0
mbedtls_ct_zeroize_if:"0x0":0
mbedtls_ct_zeroize_if 0x0 1
mbedtls_ct_zeroize_if:"0x0":1
mbedtls_ct_zeroize_if 0x0 1024
mbedtls_ct_zeroize_if:"0x0":1024
mbedtls_ct_zeroize_if 0xffffffffffffffff 0
mbedtls_ct_zeroize_if:"0xffffffffffffffff":0
mbedtls_ct_zeroize_if 0xffffffffffffffff 1
mbedtls_ct_zeroize_if:"0xffffffffffffffff":1
mbedtls_ct_zeroize_if 0xffffffffffffffff 4
mbedtls_ct_zeroize_if:"0xffffffffffffffff":4
mbedtls_ct_zeroize_if 0xffffffffffffffff 5
mbedtls_ct_zeroize_if:"0xffffffffffffffff":5
mbedtls_ct_zeroize_if 0xffffffffffffffff 7
mbedtls_ct_zeroize_if:"0xffffffffffffffff":7
mbedtls_ct_zeroize_if 0xffffffffffffffff 8
mbedtls_ct_zeroize_if:"0xffffffffffffffff":8
mbedtls_ct_zeroize_if 0xffffffffffffffff 9
mbedtls_ct_zeroize_if:"0xffffffffffffffff":9
mbedtls_ct_zeroize_if 0xffffffffffffffff 1024
mbedtls_ct_zeroize_if:"0xffffffffffffffff":1024
mbedtls_ct_memmove_left 0 0
mbedtls_ct_memmove_left:0:0
mbedtls_ct_memmove_left 1 0
mbedtls_ct_memmove_left:1:0
mbedtls_ct_memmove_left 1 1
mbedtls_ct_memmove_left:1:1
mbedtls_ct_memmove_left 16 0
mbedtls_ct_memmove_left:16:0
mbedtls_ct_memmove_left 16 1
mbedtls_ct_memmove_left:16:1
mbedtls_ct_memmove_left 16 4
mbedtls_ct_memmove_left:16:4
mbedtls_ct_memmove_left 16 15
mbedtls_ct_memmove_left:16:15
mbedtls_ct_memmove_left 16 16
mbedtls_ct_memmove_left:16:16

307
tests/suites/test_suite_constant_time.function
View File

@ -8,9 +8,15 @@
* under MSan or Valgrind will detect a non-constant-time implementation.
*/
#include <stdio.h>
#include <limits.h>
#include <stdlib.h>
#include <errno.h>
#include <mbedtls/bignum.h>
#include <mbedtls/constant_time.h>
#include <constant_time_internal.h>
#include <constant_time_invasive.h>
#include <test/constant_flow.h>
/* END_HEADER */
@ -25,15 +31,153 @@ void mbedtls_ct_memcmp_null()
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_ct_bool(char *input)
{
mbedtls_ct_uint_t v = (mbedtls_ct_uint_t) strtoull(input, NULL, 16);
TEST_ASSERT(errno == 0);
mbedtls_ct_condition_t expected = (v != 0) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_CF_SECRET(&v, sizeof(v));
TEST_EQUAL(mbedtls_ct_bool(v), expected);
TEST_CF_PUBLIC(&v, sizeof(v));
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_ct_bool_xxx(char *x_str, char *y_str)
{
mbedtls_ct_uint_t x = strtoull(x_str, NULL, 0);
mbedtls_ct_uint_t y = strtoull(y_str, NULL, 0);
mbedtls_ct_uint_t x1 = x;
mbedtls_ct_uint_t y1 = y;
TEST_CF_SECRET(&x, sizeof(x));
TEST_CF_SECRET(&y, sizeof(y));
mbedtls_ct_condition_t expected = x1 ? MBEDTLS_CT_FALSE : MBEDTLS_CT_TRUE;
TEST_EQUAL(mbedtls_ct_bool_not(mbedtls_ct_bool(x)), expected);
expected = x1 != y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_uint_ne(x, y), expected);
expected = x1 == y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_uint_eq(x, y), expected);
expected = x1 > y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_uint_gt(x, y), expected);
expected = x1 < y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_uint_lt(x, y), expected);
expected = x1 >= y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_uint_ge(x, y), expected);
expected = x1 <= y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_uint_le(x, y), expected);
expected = (!!x1) ^ (!!y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_bool_xor(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected);
expected = (!!x1) && (!!y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_bool_and(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected);
expected = (!!x1) || (!!y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
TEST_EQUAL(mbedtls_ct_bool_or(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected);
TEST_CF_PUBLIC(&x, sizeof(x));
TEST_CF_PUBLIC(&y, sizeof(y));
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_BASE64_C */
void mbedtls_ct_uchar_in_range_if(int li, int hi, int ti)
{
unsigned char l = li, h = hi, t = ti;
for (unsigned x = 0; x <= 255; x++) {
unsigned char expected = (x >= l) && (x <= h) ? t : 0;
TEST_CF_SECRET(&x, sizeof(x));
TEST_CF_SECRET(&l, sizeof(l));
TEST_CF_SECRET(&h, sizeof(h));
TEST_CF_SECRET(&t, sizeof(t));
TEST_EQUAL(mbedtls_ct_uchar_in_range_if(l, h, (unsigned char) x, t), expected);
TEST_CF_PUBLIC(&x, sizeof(x));
TEST_CF_PUBLIC(&l, sizeof(l));
TEST_CF_PUBLIC(&h, sizeof(h));
TEST_CF_PUBLIC(&t, sizeof(t));
}
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_ct_if(char *c_str, char *t_str, char *f_str)
{
mbedtls_ct_condition_t c = mbedtls_ct_bool(strtoull(c_str, NULL, 16));
mbedtls_ct_uint_t t = (mbedtls_ct_uint_t) strtoull(t_str, NULL, 16);
mbedtls_ct_uint_t f = (mbedtls_ct_uint_t) strtoull(f_str, NULL, 16);
mbedtls_ct_uint_t expected = c ? t : f;
mbedtls_ct_uint_t expected0 = c ? t : 0;
TEST_CF_SECRET(&c, sizeof(c));
TEST_CF_SECRET(&t, sizeof(t));
TEST_CF_SECRET(&f, sizeof(f));
TEST_EQUAL(mbedtls_ct_if(c, t, f), expected);
TEST_EQUAL(mbedtls_ct_size_if(c, t, f), (size_t) expected);
TEST_EQUAL(mbedtls_ct_uint_if(c, t, f), (unsigned) expected);
#if defined(MBEDTLS_BIGNUM_C)
TEST_EQUAL(mbedtls_ct_mpi_uint_if(c, t, f), (mbedtls_mpi_uint) expected);
#endif
TEST_EQUAL(mbedtls_ct_uint_if_else_0(c, t), (unsigned) expected0);
TEST_EQUAL(mbedtls_ct_size_if_else_0(c, (size_t) t), (size_t) expected0);
#if defined(MBEDTLS_BIGNUM_C)
TEST_EQUAL(mbedtls_ct_mpi_uint_if_else_0(c, t), (mbedtls_mpi_uint) expected0);
#endif
TEST_CF_PUBLIC(&c, sizeof(c));
TEST_CF_PUBLIC(&t, sizeof(t));
TEST_CF_PUBLIC(&f, sizeof(f));
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:!MBEDTLS_RSA_ALT */
void mbedtls_ct_zeroize_if(char *c_str, int len)
{
uint8_t *buf = NULL;
mbedtls_ct_condition_t c = mbedtls_ct_bool(strtoull(c_str, NULL, 16));
TEST_CALLOC(buf, len);
for (size_t i = 0; i < (size_t) len; i++) {
buf[i] = 1;
}
TEST_CF_SECRET(&c, sizeof(c));
TEST_CF_SECRET(buf, len);
mbedtls_ct_zeroize_if(c, buf, len);
TEST_CF_PUBLIC(&c, sizeof(c));
TEST_CF_PUBLIC(buf, len);
for (size_t i = 0; i < (size_t) len; i++) {
TEST_EQUAL(buf[i], c != 0 ? 0 : 1);
}
exit:
mbedtls_free(buf);
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_ct_memcmp(int same, int size, int offset)
{
uint8_t *a = NULL, *b = NULL;
ASSERT_ALLOC(a, size + offset);
ASSERT_ALLOC(b, size + offset);
TEST_CF_SECRET(a + offset, size);
TEST_CF_SECRET(b + offset, size);
TEST_CALLOC(a, size + offset);
TEST_CALLOC(b, size + offset);
/* Construct data that matches, if same == -1, otherwise
* same gives the number of bytes (after the initial offset)
@ -49,9 +193,15 @@ void mbedtls_ct_memcmp(int same, int size, int offset)
}
int reference = memcmp(a + offset, b + offset, size);
TEST_CF_SECRET(a, size + offset);
TEST_CF_SECRET(b, size + offset);
int actual = mbedtls_ct_memcmp(a + offset, b + offset, size);
TEST_CF_PUBLIC(a + offset, size);
TEST_CF_PUBLIC(b + offset, size);
TEST_CF_PUBLIC(a, size + offset);
TEST_CF_PUBLIC(b, size + offset);
TEST_CF_PUBLIC(&actual, sizeof(actual));
if (same == -1 || same >= size) {
TEST_ASSERT(reference == 0);
@ -66,67 +216,147 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC */
void mbedtls_ct_memcpy_if_eq(int eq, int size, int offset)
/* BEGIN_CASE */
void mbedtls_ct_memcpy_if(int eq, int size, int offset)
{
uint8_t *src = NULL, *result = NULL, *expected = NULL;
ASSERT_ALLOC(src, size + offset);
ASSERT_ALLOC(result, size + offset);
ASSERT_ALLOC(expected, size + offset);
uint8_t *src = NULL, *src2 = NULL, *result = NULL, *expected = NULL;
TEST_CALLOC(src, size + offset);
TEST_CALLOC(src2, size + offset);
TEST_CALLOC(result, size + offset);
TEST_CALLOC(expected, size + offset);
/* Apply offset to result only */
for (int i = 0; i < size + offset; i++) {
src[i] = 1;
result[i] = 0xff;
expected[i] = eq ? 1 : 0xff;
}
int secret_eq = eq;
TEST_CF_SECRET(&secret_eq, sizeof(secret_eq));
TEST_CF_SECRET(src, size + offset);
TEST_CF_SECRET(result, size + offset);
mbedtls_ct_memcpy_if(mbedtls_ct_bool(secret_eq), result + offset, src, NULL, size);
TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq));
TEST_CF_PUBLIC(src, size + offset);
TEST_CF_PUBLIC(result, size + offset);
TEST_MEMORY_COMPARE(expected, size, result + offset, size);
/* Apply offset to src only */
for (int i = 0; i < size + offset; i++) {
src[i] = 1;
result[i] = 0xff;
expected[i] = eq ? 1 : 0xff;
}
int one, secret_eq;
TEST_CF_SECRET(&one, sizeof(one));
TEST_CF_SECRET(&secret_eq, sizeof(secret_eq));
one = 1;
secret_eq = eq;
TEST_CF_SECRET(&secret_eq, sizeof(secret_eq));
TEST_CF_SECRET(src, size + offset);
TEST_CF_SECRET(result, size + offset);
mbedtls_ct_memcpy_if_eq(result + offset, src, size, secret_eq, one);
mbedtls_ct_memcpy_if(mbedtls_ct_bool(secret_eq), result, src + offset, NULL, size);
TEST_CF_PUBLIC(&one, sizeof(one));
TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq));
TEST_CF_PUBLIC(src, size + offset);
TEST_CF_PUBLIC(result, size + offset);
ASSERT_COMPARE(expected, size, result + offset, size);
TEST_MEMORY_COMPARE(expected, size, result, size);
/* Apply offset to src and src2 */
for (int i = 0; i < size + offset; i++) {
src[i] = 1;
result[i] = 0xff;
expected[i] = eq ? 1 : 0xff;
src[i] = 1;
src2[i] = 2;
result[i] = 0xff;
expected[i] = eq ? 1 : 2;
}
TEST_CF_SECRET(&one, sizeof(one));
TEST_CF_SECRET(&secret_eq, sizeof(secret_eq));
one = 1;
secret_eq = eq;
TEST_CF_SECRET(&secret_eq, sizeof(secret_eq));
TEST_CF_SECRET(src, size + offset);
TEST_CF_SECRET(src2, size + offset);
TEST_CF_SECRET(result, size + offset);
mbedtls_ct_memcpy_if_eq(result, src + offset, size, secret_eq, one);
mbedtls_ct_memcpy_if(mbedtls_ct_bool(secret_eq), result, src + offset, src2 + offset, size);
TEST_CF_PUBLIC(&one, sizeof(one));
TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq));
TEST_CF_PUBLIC(src, size + offset);
TEST_CF_SECRET(src2, size + offset);
TEST_CF_PUBLIC(result, size + offset);
ASSERT_COMPARE(expected, size, result, size);
TEST_MEMORY_COMPARE(expected, size, result, size);
/* result == src == dest */
for (int i = 0; i < size + offset; i++) {
src[i] = 2;
expected[i] = 2;
}
TEST_CF_SECRET(&secret_eq, sizeof(secret_eq));
TEST_CF_SECRET(src, size + offset);
TEST_CF_SECRET(result, size + offset);
mbedtls_ct_memcpy_if(mbedtls_ct_bool(secret_eq), src + offset, src + offset, src + offset,
size);
TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq));
TEST_CF_PUBLIC(src, size + offset);
TEST_CF_PUBLIC(result, size + offset);
TEST_MEMORY_COMPARE(expected, size, src + offset, size);
exit:
mbedtls_free(src);
mbedtls_free(src2);
mbedtls_free(result);
mbedtls_free(expected);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
void ssl_cf_memcpy_offset(int offset_min, int offset_max, int len)
/* BEGIN_CASE depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:!MBEDTLS_RSA_ALT */
void mbedtls_ct_memmove_left(int len, int offset)
{
size_t l = (size_t) len;
size_t o = (size_t) offset;
uint8_t *buf = NULL, *buf_expected = NULL;
TEST_CALLOC(buf, l);
TEST_CALLOC(buf_expected, l);
for (size_t i = 0; i < l; i++) {
buf[i] = (uint8_t) i;
buf_expected[i] = buf[i];
}
TEST_CF_SECRET(&o, sizeof(o));
TEST_CF_SECRET(buf, l);
mbedtls_ct_memmove_left(buf, l, o);
TEST_CF_PUBLIC(&o, sizeof(o));
TEST_CF_PUBLIC(buf, l);
if (l > 0) {
memmove(buf_expected, buf_expected + o, l - o);
memset(buf_expected + (l - o), 0, o);
TEST_ASSERT(memcmp(buf, buf_expected, l) == 0);
}
exit:
mbedtls_free(buf);
mbedtls_free(buf_expected);
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_ct_memcpy_offset(int offset_min, int offset_max, int len)
{
unsigned char *dst = NULL;
unsigned char *src = NULL;
size_t src_len = offset_max + len;
size_t secret;
ASSERT_ALLOC(dst, len);
ASSERT_ALLOC(src, src_len);
TEST_CALLOC(dst, len);
TEST_CALLOC(src, src_len);
/* Fill src in a way that we can detect if we copied the right bytes */
mbedtls_test_rnd_std_rand(NULL, src, src_len);
@ -135,12 +365,15 @@ void ssl_cf_memcpy_offset(int offset_min, int offset_max, int len)
mbedtls_test_set_step((int) secret);
TEST_CF_SECRET(&secret, sizeof(secret));
TEST_CF_SECRET(src, len);
TEST_CF_SECRET(dst, len);
mbedtls_ct_memcpy_offset(dst, src, secret,
offset_min, offset_max, len);
TEST_CF_PUBLIC(&secret, sizeof(secret));
TEST_CF_PUBLIC(src, len);
TEST_CF_PUBLIC(dst, len);
ASSERT_COMPARE(dst, len, src + secret, len);
TEST_MEMORY_COMPARE(dst, len, src + secret, len);
}
exit:

8
tests/suites/test_suite_constant_time_hmac.function
View File

@ -8,7 +8,7 @@
#include <test/constant_flow.h>
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
void ssl_cf_hmac(int hash)
{
/*
@ -58,7 +58,7 @@ void ssl_cf_hmac(int hash)
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Use allocated out buffer to catch overwrites */
ASSERT_ALLOC(out, out_len);
TEST_CALLOC(out, out_len);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Set up dummy key */
@ -85,7 +85,7 @@ void ssl_cf_hmac(int hash)
mbedtls_test_set_step(max_in_len * 10000);
/* Use allocated in buffer to catch overreads */
ASSERT_ALLOC(data, max_in_len);
TEST_CALLOC(data, max_in_len);
min_in_len = max_in_len > 255 ? max_in_len - 255 : 0;
for (in_len = min_in_len; in_len <= max_in_len; in_len++) {
@ -133,7 +133,7 @@ void ssl_cf_hmac(int hash)
TEST_EQUAL(0, mbedtls_md_hmac_reset(&ref_ctx));
/* Compare */
ASSERT_COMPARE(out, out_len, ref_out, out_len);
TEST_MEMORY_COMPARE(out, out_len, ref_out, out_len);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}

26
tests/suites/test_suite_ecp.data
View File

@ -677,55 +677,55 @@ depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":0:1
ECP mod p192 small (more than 192 bits, less limbs than 2 * 192 bits)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM
ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"0100000000000103010000000000010201000000000001010100000000000100"
ECP mod p192 readable
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM
ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"010000000000010501000000000001040100000000000103010000000000010201000000000001010100000000000100"
ECP mod p192 readable with carry
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM
ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"FF00000000010500FF00000000010400FF00000000010300FF00000000010200FF00000000010100FF00000000010000"
ECP mod p192 random
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM
ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"36CF96B45D706A0954D89E52CE5F38517A2270E0175849B6F3740151D238CCABEF921437E475881D83BB69E4AA258EBD"
ECP mod p192 (from a past failure case)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM
ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"1AC2D6F96A2A425E9DD1776DD8368D4BBC86BF4964E79FEA713583BF948BBEFF0939F96FB19EC48C585BDA6A2D35C750"
ECP mod p224 readable without carry
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM
ecp_fast_mod:MBEDTLS_ECP_DP_SECP224R1:"0000000D0000000C0000000B0000000A0000000900000008000000070000FF060000FF050000FF040000FF03000FF0020000FF010000FF00"
ECP mod p224 readable with negative carry
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM
ecp_fast_mod:MBEDTLS_ECP_DP_SECP224R1:"0000000D0000000C0000000B0000000A00000009000000080000000700000006000000050000000400000003000000020000000100000000"
ECP mod p224 readable with positive carry
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM
ecp_fast_mod:MBEDTLS_ECP_DP_SECP224R1:"0000000D0000000C0000000BFFFFFF0AFFFFFF09FFFFFF08FFFFFF070000FF060000FF050000FF040000FF03000FF0020000FF010000FF00"
ECP mod p224 readable with final negative carry
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM
ecp_fast_mod:MBEDTLS_ECP_DP_SECP224R1:"FF00000D0000000C0000000B0000000A00000009000000080000000700000006000000050000000400000003000000020000000100000000"
ECP mod p521 very small
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM
ecp_fast_mod:MBEDTLS_ECP_DP_SECP521R1:"01"
ECP mod p521 small (522 bits)
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM
ecp_fast_mod:MBEDTLS_ECP_DP_SECP521R1:"030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ECP mod p521 readable
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM
ecp_fast_mod:MBEDTLS_ECP_DP_SECP521R1:"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ECP mod p521 readable with carry
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM
ecp_fast_mod:MBEDTLS_ECP_DP_SECP521R1:"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"
ECP test vectors secp192r1 rfc 5114

60
tests/suites/test_suite_ecp.function
View File

@ -538,8 +538,8 @@ void ecp_muladd(int id,
&len, actual_result, sizeof(actual_result)));
TEST_ASSERT(len <= MBEDTLS_ECP_MAX_PT_LEN);
ASSERT_COMPARE(expected_result->x, expected_result->len,
actual_result, len);
TEST_MEMORY_COMPARE(expected_result->x, expected_result->len,
actual_result, len);
exit:
mbedtls_ecp_group_free(&grp);
@ -1061,8 +1061,8 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica
ret = mbedtls_ecp_write_key(&key, buf, in_key->len);
TEST_ASSERT(ret == 0);
ASSERT_COMPARE(in_key->x, in_key->len,
buf, in_key->len);
TEST_MEMORY_COMPARE(in_key->x, in_key->len,
buf, in_key->len);
} else {
unsigned char export1[MBEDTLS_ECP_MAX_BYTES];
unsigned char export2[MBEDTLS_ECP_MAX_BYTES];
@ -1076,8 +1076,8 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica
ret = mbedtls_ecp_write_key(&key2, export2, in_key->len);
TEST_ASSERT(ret == 0);
ASSERT_COMPARE(export1, in_key->len,
export2, in_key->len);
TEST_MEMORY_COMPARE(export1, in_key->len,
export2, in_key->len);
}
}
@ -1101,7 +1101,7 @@ void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected)
rnd_info.fallback_f_rng = NULL;
rnd_info.fallback_p_rng = NULL;
ASSERT_ALLOC(actual, expected->len);
TEST_CALLOC(actual, expected->len);
ret = mbedtls_ecp_gen_privkey_mx(bits, &d,
mbedtls_test_rnd_buffer_rand, &rnd_info);
@ -1123,8 +1123,8 @@ void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected)
* (can be enforced by checking these bits).
* - Other bits must be random (by testing with different RNG outputs,
* we validate that those bits are indeed influenced by the RNG). */
ASSERT_COMPARE(expected->x, expected->len,
actual, expected->len);
TEST_MEMORY_COMPARE(expected->x, expected->len,
actual, expected->len);
}
exit:
@ -1267,7 +1267,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_WITH_MPI_UINT */
void ecp_mod_p_generic_raw(int curve_id,
char *input_N,
char *input_X,
@ -1379,7 +1379,7 @@ void ecp_mod_p_generic_raw(int curve_id,
TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), curve_bits);
mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
ASSERT_COMPARE(X, bytes, res, bytes);
TEST_MEMORY_COMPARE(X, bytes, res, bytes);
exit:
mbedtls_free(X);
@ -1390,7 +1390,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_WITH_MPI_UINT */
void ecp_mod_setup(char *input_A, int id, int ctype, int iret)
{
int ret;
@ -1420,7 +1420,7 @@ void ecp_mod_setup(char *input_A, int id, int ctype, int iret)
}
/* Compare output byte-by-byte */
ASSERT_COMPARE(p, bytes, m.p, bytes);
TEST_MEMORY_COMPARE(p, bytes, m.p, bytes);
/* Test for user free-ing allocated memory */
mbedtls_mpi_mod_modulus_free(&m);
@ -1432,7 +1432,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_WITH_MPI_UINT */
void ecp_mod_mul_inv(char *input_A, int id, int ctype)
{
size_t limbs;
@ -1456,10 +1456,10 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype)
/* Test for limb sizes */
TEST_EQUAL(m.limbs, limbs);
ASSERT_ALLOC(A_inverse, limbs);
TEST_CALLOC(A_inverse, limbs);
TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rA_inverse, &m, A_inverse, limbs));
ASSERT_ALLOC(rX_raw, limbs);
TEST_CALLOC(rX_raw, limbs);
TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs));
/* Get inverse of A mode m, and multiply it with itself,
@ -1467,15 +1467,15 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype)
TEST_EQUAL(0, mbedtls_mpi_mod_inv(&rA_inverse, &rA, &m));
TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rA_inverse, &m), 0);
ASSERT_ALLOC(bufx, limbs);
TEST_CALLOC(bufx, limbs);
TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *) bufx,
limbs * ciL,
MBEDTLS_MPI_MOD_EXT_REP_LE), 0);
ASSERT_COMPARE(bufx, ciL, one, ciL);
TEST_MEMORY_COMPARE(bufx, ciL, one, ciL);
/*Borrow the buffer of A to compare the left lims with 0 */
memset(A, 0, limbs * ciL);
ASSERT_COMPARE(&bufx[1], (limbs - 1) * ciL, A, (limbs - 1) * ciL);
TEST_MEMORY_COMPARE(&bufx[1], (limbs - 1) * ciL, A, (limbs - 1) * ciL);
exit:
mbedtls_mpi_mod_modulus_free(&m);
@ -1489,7 +1489,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_WITH_MPI_UINT */
void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype)
{
size_t p_A_limbs;
@ -1515,7 +1515,7 @@ void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype)
TEST_EQUAL(m.limbs, p_A_limbs);
bytes = p_A_limbs * ciL;
ASSERT_ALLOC(p_S, p_A_limbs);
TEST_CALLOC(p_S, p_A_limbs);
TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rA, &m, p_A, p_A_limbs), 0);
TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rB, &m, p_B, p_B_limbs), 0);
@ -1527,7 +1527,7 @@ void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype)
TEST_EQUAL(0, mbedtls_mpi_mod_sub(&rS, &rS, &rB, &m));
/* Compare difference with rA byte-by-byte */
ASSERT_COMPARE(rA.p, bytes, rS.p, bytes);
TEST_MEMORY_COMPARE(rA.p, bytes, rS.p, bytes);
exit:
mbedtls_mpi_mod_modulus_free(&m);
@ -1540,7 +1540,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_WITH_MPI_UINT */
void ecp_mod_read_write(char *input_A, int id, int ctype)
{
size_t limbs;
@ -1562,11 +1562,11 @@ void ecp_mod_read_write(char *input_A, int id, int ctype)
/* Test for limb sizes */
TEST_EQUAL(m.limbs, limbs);
ASSERT_ALLOC(rX_raw, limbs);
TEST_CALLOC(rX_raw, limbs);
TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs));
bytes = limbs * ciL;
ASSERT_ALLOC(bufx, limbs);
TEST_CALLOC(bufx, limbs);
/* Write source mod residue to a buffer, then read it back to
* the destination mod residue, compare the two mod residues.
* Firstly test little endian write and read */
@ -1577,7 +1577,7 @@ void ecp_mod_read_write(char *input_A, int id, int ctype)
bytes, MBEDTLS_MPI_MOD_EXT_REP_LE));
TEST_EQUAL(limbs, rX.limbs);
ASSERT_COMPARE(rA.p, bytes, rX.p, bytes);
TEST_MEMORY_COMPARE(rA.p, bytes, rX.p, bytes);
memset(bufx, 0x00, bytes);
memset(rX_raw, 0x00, bytes);
@ -1591,7 +1591,7 @@ void ecp_mod_read_write(char *input_A, int id, int ctype)
MBEDTLS_MPI_MOD_EXT_REP_BE));
TEST_EQUAL(limbs, rX.limbs);
ASSERT_COMPARE(rA.p, bytes, rX.p, bytes);
TEST_MEMORY_COMPARE(rA.p, bytes, rX.p, bytes);
exit:
mbedtls_mpi_mod_modulus_free(&m);
@ -1603,7 +1603,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_WITH_MPI_UINT */
void ecp_mod_random(int id, int ctype)
{
size_t limbs;
@ -1616,13 +1616,13 @@ void ecp_mod_random(int id, int ctype)
limbs = m.limbs;
ASSERT_ALLOC(rX_raw, limbs);
TEST_CALLOC(rX_raw, limbs);
TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs));
TEST_EQUAL(0, mbedtls_mpi_mod_random(&rX, 1, &m,
mbedtls_test_rnd_std_rand, NULL));
TEST_ASSERT(mbedtls_mpi_core_lt_ct(rX.p, m.p, limbs) == 1);
TEST_ASSERT(mbedtls_mpi_core_lt_ct(rX.p, m.p, limbs) == MBEDTLS_CT_TRUE);
exit:
mbedtls_mpi_mod_modulus_free(&m);

2
tests/suites/test_suite_entropy.function
View File

@ -135,7 +135,7 @@ int read_nv_seed(unsigned char *buf, size_t buf_len)
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_ENTROPY_C
* depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_PSA_INJECT_ENTROPY
* END_DEPENDENCIES
*/

36
tests/suites/test_suite_gcm.function
View File

@ -33,26 +33,26 @@ static int check_multipart(mbedtls_gcm_context *ctx,
/* Allocate a tight buffer for each update call. This way, if the function
* tries to write beyond the advertised required buffer size, this will
* count as an overflow for memory sanitizers and static checkers. */
ASSERT_ALLOC(output, n1);
TEST_CALLOC(output, n1);
olen = 0xdeadbeef;
TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x, n1, output, n1, &olen));
TEST_EQUAL(n1, olen);
ASSERT_COMPARE(output, olen, expected_output->x, n1);
TEST_MEMORY_COMPARE(output, olen, expected_output->x, n1);
mbedtls_free(output);
output = NULL;
ASSERT_ALLOC(output, n2);
TEST_CALLOC(output, n2);
olen = 0xdeadbeef;
TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x + n1, n2, output, n2, &olen));
TEST_EQUAL(n2, olen);
ASSERT_COMPARE(output, olen, expected_output->x + n1, n2);
TEST_MEMORY_COMPARE(output, olen, expected_output->x + n1, n2);
mbedtls_free(output);
output = NULL;
ASSERT_ALLOC(output, tag->len);
TEST_CALLOC(output, tag->len);
TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len));
TEST_EQUAL(0, olen);
ASSERT_COMPARE(output, tag->len, tag->x, tag->len);
TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
mbedtls_free(output);
output = NULL;
@ -87,18 +87,18 @@ static void check_cipher_with_empty_ad(mbedtls_gcm_context *ctx,
/* Allocate a tight buffer for each update call. This way, if the function
* tries to write beyond the advertised required buffer size, this will
* count as an overflow for memory sanitizers and static checkers. */
ASSERT_ALLOC(output, input->len);
TEST_CALLOC(output, input->len);
olen = 0xdeadbeef;
TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x, input->len, output, input->len, &olen));
TEST_EQUAL(input->len, olen);
ASSERT_COMPARE(output, olen, expected_output->x, input->len);
TEST_MEMORY_COMPARE(output, olen, expected_output->x, input->len);
mbedtls_free(output);
output = NULL;
ASSERT_ALLOC(output, tag->len);
TEST_CALLOC(output, tag->len);
TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len));
TEST_EQUAL(0, olen);
ASSERT_COMPARE(output, tag->len, tag->x, tag->len);
TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
exit:
mbedtls_free(output);
@ -124,11 +124,11 @@ static void check_empty_cipher_with_ad(mbedtls_gcm_context *ctx,
TEST_EQUAL(0, olen);
}
ASSERT_ALLOC(output_tag, tag->len);
TEST_CALLOC(output_tag, tag->len);
TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen,
output_tag, tag->len));
TEST_EQUAL(0, olen);
ASSERT_COMPARE(output_tag, tag->len, tag->x, tag->len);
TEST_MEMORY_COMPARE(output_tag, tag->len, tag->x, tag->len);
exit:
mbedtls_free(output_tag);
@ -144,10 +144,10 @@ static void check_no_cipher_no_ad(mbedtls_gcm_context *ctx,
TEST_EQUAL(0, mbedtls_gcm_starts(ctx, mode,
iv->x, iv->len));
ASSERT_ALLOC(output, tag->len);
TEST_CALLOC(output, tag->len);
TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len));
TEST_EQUAL(0, olen);
ASSERT_COMPARE(output, tag->len, tag->x, tag->len);
TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
exit:
mbedtls_free(output);
@ -212,8 +212,8 @@ void gcm_encrypt_and_tag(int cipher_id, data_t *key_str,
iv_str->len, add_str->x, add_str->len, src_str->x,
output, tag_len, tag_output) == 0);
ASSERT_COMPARE(output, src_str->len, dst->x, dst->len);
ASSERT_COMPARE(tag_output, tag_len, tag->x, tag->len);
TEST_MEMORY_COMPARE(output, src_str->len, dst->x, dst->len);
TEST_MEMORY_COMPARE(tag_output, tag_len, tag->x, tag->len);
for (n1 = 0; n1 <= src_str->len; n1 += 1) {
for (n1_add = 0; n1_add <= add_str->len; n1_add += 1) {
@ -269,7 +269,7 @@ void gcm_decrypt_and_verify(int cipher_id, data_t *key_str,
TEST_ASSERT(ret == MBEDTLS_ERR_GCM_AUTH_FAILED);
} else {
TEST_ASSERT(ret == 0);
ASSERT_COMPARE(output, src_str->len, pt_result->x, pt_result->len);
TEST_MEMORY_COMPARE(output, src_str->len, pt_result->x, pt_result->len);
for (n1 = 0; n1 <= src_str->len; n1 += 1) {
for (n1_add = 0; n1_add <= add_str->len; n1_add += 1) {
@ -448,7 +448,7 @@ void gcm_update_output_buffer_too_small(int cipher_id, int mode,
TEST_EQUAL(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8), 0);
TEST_EQUAL(0, mbedtls_gcm_starts(&ctx, mode, iv->x, iv->len));
ASSERT_ALLOC(output, output_len);
TEST_CALLOC(output, output_len);
TEST_EQUAL(MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL,
mbedtls_gcm_update(&ctx, input->x, input->len, output, output_len, &olen));

18
tests/suites/test_suite_hkdf.function
View File

@ -26,8 +26,8 @@ void test_hkdf(int md_alg, data_t *ikm, data_t *salt, data_t *info,
info->x, info->len, okm, expected_okm->len);
TEST_ASSERT(ret == 0);
ASSERT_COMPARE(okm, expected_okm->len,
expected_okm->x, expected_okm->len);
TEST_MEMORY_COMPARE(okm, expected_okm->len,
expected_okm->x, expected_okm->len);
exit:
MD_PSA_DONE();
@ -50,13 +50,13 @@ void test_hkdf_extract(int md_alg,
TEST_ASSERT(md != NULL);
output_prk_len = mbedtls_md_get_size(md);
ASSERT_ALLOC(output_prk, output_prk_len);
TEST_CALLOC(output_prk, output_prk_len);
ret = mbedtls_hkdf_extract(md, salt->x, salt->len,
ikm->x, ikm->len, output_prk);
TEST_ASSERT(ret == 0);
ASSERT_COMPARE(output_prk, output_prk_len, prk->x, prk->len);
TEST_MEMORY_COMPARE(output_prk, output_prk_len, prk->x, prk->len);
exit:
mbedtls_free(output_prk);
@ -79,7 +79,7 @@ void test_hkdf_expand(int md_alg,
const mbedtls_md_info_t *md = mbedtls_md_info_from_type(md_alg);
TEST_ASSERT(md != NULL);
ASSERT_ALLOC(output_okm, OKM_LEN);
TEST_CALLOC(output_okm, OKM_LEN);
TEST_ASSERT(prk->len == mbedtls_md_get_size(md));
TEST_ASSERT(okm->len < OKM_LEN);
@ -88,7 +88,7 @@ void test_hkdf_expand(int md_alg,
info->x, info->len,
output_okm, OKM_LEN);
TEST_ASSERT(ret == 0);
ASSERT_COMPARE(output_okm, okm->len, okm->x, okm->len);
TEST_MEMORY_COMPARE(output_okm, okm->len, okm->x, okm->len);
exit:
mbedtls_free(output_okm);
@ -110,7 +110,7 @@ void test_hkdf_extract_ret(int hash_len, int ret)
fake_md_info.type = MBEDTLS_MD_NONE;
fake_md_info.size = hash_len;
ASSERT_ALLOC(prk, MBEDTLS_MD_MAX_SIZE);
TEST_CALLOC(prk, MBEDTLS_MD_MAX_SIZE);
salt_len = 0;
ikm_len = 0;
@ -140,11 +140,11 @@ void test_hkdf_expand_ret(int hash_len, int prk_len, int okm_len, int ret)
info_len = 0;
if (prk_len > 0) {
ASSERT_ALLOC(prk, prk_len);
TEST_CALLOC(prk, prk_len);
}
if (okm_len > 0) {
ASSERT_ALLOC(okm, okm_len);
TEST_CALLOC(okm, okm_len);
}
output_ret = mbedtls_hkdf_expand(&fake_md_info, prk, prk_len,

16
tests/suites/test_suite_lmots.function
View File

@ -122,7 +122,7 @@ void lmots_verify_test(data_t *msg, data_t *sig, data_t *pub_key,
continue;
}
ASSERT_ALLOC(tmp_sig, size);
TEST_CALLOC(tmp_sig, size);
if (tmp_sig != NULL) {
memcpy(tmp_sig, sig->x, MIN(size, sig->len));
}
@ -154,7 +154,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc)
if (expected_import_rc == 0) {
exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8);
ASSERT_ALLOC(exported_pub_key, exported_pub_key_buf_size);
TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key,
exported_pub_key_buf_size,
@ -162,14 +162,14 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc)
TEST_EQUAL(exported_pub_key_size,
MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8));
ASSERT_COMPARE(pub_key->x, pub_key->len,
exported_pub_key, exported_pub_key_size);
TEST_MEMORY_COMPARE(pub_key->x, pub_key->len,
exported_pub_key, exported_pub_key_size);
mbedtls_free(exported_pub_key);
exported_pub_key = NULL;
/* Export into too-small buffer should fail */
exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8) - 1;
ASSERT_ALLOC(exported_pub_key, exported_pub_key_buf_size);
TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key,
exported_pub_key_buf_size, NULL),
MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL);
@ -178,13 +178,13 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc)
/* Export into too-large buffer should succeed */
exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8) + 1;
ASSERT_ALLOC(exported_pub_key, exported_pub_key_buf_size);
TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key,
exported_pub_key_buf_size,
&exported_pub_key_size),
0);
ASSERT_COMPARE(pub_key->x, pub_key->len,
exported_pub_key, exported_pub_key_size);
TEST_MEMORY_COMPARE(pub_key->x, pub_key->len,
exported_pub_key, exported_pub_key_size);
mbedtls_free(exported_pub_key);
exported_pub_key = NULL;
}

16
tests/suites/test_suite_lms.function
View File

@ -124,7 +124,7 @@ void lms_verify_test(data_t *msg, data_t *sig, data_t *pub_key,
continue;
}
ASSERT_ALLOC(tmp_sig, size);
TEST_CALLOC(tmp_sig, size);
if (tmp_sig != NULL) {
memcpy(tmp_sig, sig->x, MIN(size, sig->len));
}
@ -156,7 +156,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc)
if (expected_import_rc == 0) {
exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10);
ASSERT_ALLOC(exported_pub_key, exported_pub_key_buf_size);
TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key,
exported_pub_key_buf_size,
@ -164,14 +164,14 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc)
TEST_EQUAL(exported_pub_key_size,
MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10));
ASSERT_COMPARE(pub_key->x, pub_key->len,
exported_pub_key, exported_pub_key_size);
TEST_MEMORY_COMPARE(pub_key->x, pub_key->len,
exported_pub_key, exported_pub_key_size);
mbedtls_free(exported_pub_key);
exported_pub_key = NULL;
/* Export into too-small buffer should fail */
exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10) - 1;
ASSERT_ALLOC(exported_pub_key, exported_pub_key_buf_size);
TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key,
exported_pub_key_buf_size, NULL),
MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL);
@ -180,13 +180,13 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc)
/* Export into too-large buffer should succeed */
exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10) + 1;
ASSERT_ALLOC(exported_pub_key, exported_pub_key_buf_size);
TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key,
exported_pub_key_buf_size,
&exported_pub_key_size),
0);
ASSERT_COMPARE(pub_key->x, pub_key->len,
exported_pub_key, exported_pub_key_size);
TEST_MEMORY_COMPARE(pub_key->x, pub_key->len,
exported_pub_key, exported_pub_key_size);
mbedtls_free(exported_pub_key);
exported_pub_key = NULL;
}

Some files were not shown because too many files have changed in this diff Show More