mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00

Flatten out mbedtls_test_ssl_endpoint_certificate structure

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine
2025-05-26 21:57:52 +02:00
parent 353eb33d0c
commit b6bb3fb6ef
2 changed files with 48 additions and 59 deletions


@@ -186,15 +186,6 @@ typedef struct mbedtls_test_message_socket_context {
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
* Structure with endpoint's certificates for SSL communication tests.
*/
typedef struct mbedtls_test_ssl_endpoint_certificate {
mbedtls_x509_crt *ca_cert;
mbedtls_x509_crt *cert;
mbedtls_pk_context *pkey;
} mbedtls_test_ssl_endpoint_certificate;
/* /*
* Endpoint structure for SSL communication tests. * Endpoint structure for SSL communication tests.
*/ */
@@ -203,7 +194,11 @@ typedef struct mbedtls_test_ssl_endpoint {
mbedtls_ssl_context ssl; mbedtls_ssl_context ssl;
mbedtls_ssl_config conf; mbedtls_ssl_config conf;
mbedtls_test_mock_socket socket; mbedtls_test_mock_socket socket;
mbedtls_test_ssl_endpoint_certificate cert;
/* Objects owned by the endpoint */
mbedtls_x509_crt *ca_chain;
mbedtls_x509_crt *cert;
mbedtls_pk_context *pkey;
} mbedtls_test_ssl_endpoint; } mbedtls_test_ssl_endpoint;
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
@@ -432,8 +427,7 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx,
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/* /*
* Initializes \p ep_cert structure and assigns it to endpoint * Load default CA certificates and endpoint keys into \p ep.
* represented by \p ep.
* *
* \retval 0 on success, otherwise error code. * \retval 0 on success, otherwise error code.
*/ */
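Review bot: The new `/* Objects owned by the endpoint */` comment in `mbedtls_test_ssl_endpoint` does not say that the three members are heap allocations, that they may be NULL, or that `pkey` can wrap a PSA key whose lifetime is tied to it. The free helper in the .c file checks each pointer against NULL and calls `psa_destroy_key(ep->pkey->priv_id)` for opaque keys. I would write it as `/* Heap objects owned by the endpoint; NULL when not loaded. pkey may wrap a PSA key that is destroyed together with it. */`. The reworded function comment could also state that `ep->conf.endpoint` must already be set, since the implementation reads it to choose between the server and client credentials. Only the comment of that declaration is visible here; the prototype itself is outside the hunk.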


@@ -579,28 +579,25 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx,
*/ */
static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep)
{ {
mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); if (ep->ca_chain != NULL) {
if (cert != NULL) { mbedtls_x509_crt_free(ep->ca_chain);
if (cert->ca_cert != NULL) { mbedtls_free(ep->ca_chain);
mbedtls_x509_crt_free(cert->ca_cert); ep->ca_chain = NULL;
mbedtls_free(cert->ca_cert); }
cert->ca_cert = NULL; if (ep->cert != NULL) {
} mbedtls_x509_crt_free(ep->cert);
if (cert->cert != NULL) { mbedtls_free(ep->cert);
mbedtls_x509_crt_free(cert->cert); ep->cert = NULL;
mbedtls_free(cert->cert); }
cert->cert = NULL; if (ep->pkey != NULL) {
}
if (cert->pkey != NULL) {
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { if (mbedtls_pk_get_type(ep->pkey) == MBEDTLS_PK_OPAQUE) {
psa_destroy_key(cert->pkey->priv_id); psa_destroy_key(ep->pkey->priv_id);
}
#endif
mbedtls_pk_free(cert->pkey);
mbedtls_free(cert->pkey);
cert->pkey = NULL;
} }
#endif
mbedtls_pk_free(ep->pkey);
mbedtls_free(ep->pkey);
ep->pkey = NULL;
} }
} }
@@ -612,7 +609,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
int i = 0; int i = 0;
int ret = -1; int ret = -1;
int ok = 0; int ok = 0;
mbedtls_test_ssl_endpoint_certificate *cert = NULL;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT;
#endif #endif
@@ -621,20 +617,19 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
} }
cert = &(ep->cert); TEST_CALLOC(ep->ca_chain, 1);
TEST_CALLOC(cert->ca_cert, 1); TEST_CALLOC(ep->cert, 1);
TEST_CALLOC(cert->cert, 1); TEST_CALLOC(ep->pkey, 1);
TEST_CALLOC(cert->pkey, 1);
mbedtls_x509_crt_init(cert->ca_cert); mbedtls_x509_crt_init(ep->ca_chain);
mbedtls_x509_crt_init(cert->cert); mbedtls_x509_crt_init(ep->cert);
mbedtls_pk_init(cert->pkey); mbedtls_pk_init(ep->pkey);
/* Load the trusted CA */ /* Load the trusted CA */
for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
ret = mbedtls_x509_crt_parse_der( ret = mbedtls_x509_crt_parse_der(
cert->ca_cert, ep->ca_chain,
(const unsigned char *) mbedtls_test_cas_der[i], (const unsigned char *) mbedtls_test_cas_der[i],
mbedtls_test_cas_der_len[i]); mbedtls_test_cas_der_len[i]);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
@@ -645,25 +640,25 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
if (pk_alg == MBEDTLS_PK_RSA) { if (pk_alg == MBEDTLS_PK_RSA) {
ret = mbedtls_x509_crt_parse( ret = mbedtls_x509_crt_parse(
cert->cert, ep->cert,
(const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der,
mbedtls_test_srv_crt_rsa_sha256_der_len); mbedtls_test_srv_crt_rsa_sha256_der_len);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
ret = mbedtls_pk_parse_key( ret = mbedtls_pk_parse_key(
cert->pkey, ep->pkey,
(const unsigned char *) mbedtls_test_srv_key_rsa_der, (const unsigned char *) mbedtls_test_srv_key_rsa_der,
mbedtls_test_srv_key_rsa_der_len, NULL, 0); mbedtls_test_srv_key_rsa_der_len, NULL, 0);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
} else { } else {
ret = mbedtls_x509_crt_parse( ret = mbedtls_x509_crt_parse(
cert->cert, ep->cert,
(const unsigned char *) mbedtls_test_srv_crt_ec_der, (const unsigned char *) mbedtls_test_srv_crt_ec_der,
mbedtls_test_srv_crt_ec_der_len); mbedtls_test_srv_crt_ec_der_len);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
ret = mbedtls_pk_parse_key( ret = mbedtls_pk_parse_key(
cert->pkey, ep->pkey,
(const unsigned char *) mbedtls_test_srv_key_ec_der, (const unsigned char *) mbedtls_test_srv_key_ec_der,
mbedtls_test_srv_key_ec_der_len, NULL, 0); mbedtls_test_srv_key_ec_der_len, NULL, 0);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
@@ -671,25 +666,25 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
} else { } else {
if (pk_alg == MBEDTLS_PK_RSA) { if (pk_alg == MBEDTLS_PK_RSA) {
ret = mbedtls_x509_crt_parse( ret = mbedtls_x509_crt_parse(
cert->cert, ep->cert,
(const unsigned char *) mbedtls_test_cli_crt_rsa_der, (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
mbedtls_test_cli_crt_rsa_der_len); mbedtls_test_cli_crt_rsa_der_len);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
ret = mbedtls_pk_parse_key( ret = mbedtls_pk_parse_key(
cert->pkey, ep->pkey,
(const unsigned char *) mbedtls_test_cli_key_rsa_der, (const unsigned char *) mbedtls_test_cli_key_rsa_der,
mbedtls_test_cli_key_rsa_der_len, NULL, 0); mbedtls_test_cli_key_rsa_der_len, NULL, 0);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
} else { } else {
ret = mbedtls_x509_crt_parse( ret = mbedtls_x509_crt_parse(
cert->cert, ep->cert,
(const unsigned char *) mbedtls_test_cli_crt_ec_der, (const unsigned char *) mbedtls_test_cli_crt_ec_der,
mbedtls_test_cli_crt_ec_len); mbedtls_test_cli_crt_ec_len);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
ret = mbedtls_pk_parse_key( ret = mbedtls_pk_parse_key(
cert->pkey, ep->pkey,
(const unsigned char *) mbedtls_test_cli_key_ec_der, (const unsigned char *) mbedtls_test_cli_key_ec_der,
mbedtls_test_cli_key_ec_der_len, NULL, 0); mbedtls_test_cli_key_ec_der_len, NULL, 0);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
@@ -700,7 +695,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
if (opaque_alg != 0) { if (opaque_alg != 0) {
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
/* Use a fake key usage to get a successful initial guess for the PSA attributes. */ /* Use a fake key usage to get a successful initial guess for the PSA attributes. */
TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_SIGN_HASH, TEST_EQUAL(mbedtls_pk_get_psa_attributes(ep->pkey, PSA_KEY_USAGE_SIGN_HASH,
&key_attr), 0); &key_attr), 0);
/* Then manually usage, alg and alg2 as requested by the test. */ /* Then manually usage, alg and alg2 as requested by the test. */
psa_set_key_usage_flags(&key_attr, opaque_usage); psa_set_key_usage_flags(&key_attr, opaque_usage);
@@ -708,10 +703,10 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
if (opaque_alg2 != PSA_ALG_NONE) { if (opaque_alg2 != PSA_ALG_NONE) {
psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2); psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2);
} }
TEST_EQUAL(mbedtls_pk_import_into_psa(cert->pkey, &key_attr, &key_slot), 0); TEST_EQUAL(mbedtls_pk_import_into_psa(ep->pkey, &key_attr, &key_slot), 0);
mbedtls_pk_free(cert->pkey); mbedtls_pk_free(ep->pkey);
mbedtls_pk_init(cert->pkey); mbedtls_pk_init(ep->pkey);
TEST_EQUAL(mbedtls_pk_setup_opaque(cert->pkey, key_slot), 0); TEST_EQUAL(mbedtls_pk_setup_opaque(ep->pkey, key_slot), 0);
} }
#else #else
(void) opaque_alg; (void) opaque_alg;
@@ -719,10 +714,10 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
(void) opaque_usage; (void) opaque_usage;
#endif #endif
mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL); mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL);
ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert,
cert->pkey); ep->pkey);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
TEST_ASSERT(ep->conf.key_cert != NULL); TEST_ASSERT(ep->conf.key_cert != NULL);
@@ -730,8 +725,8 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
TEST_ASSERT(ep->conf.key_cert == NULL); TEST_ASSERT(ep->conf.key_cert == NULL);
ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert,
cert->pkey); ep->pkey);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
ok = 1; ok = 1;
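Review bot: In the MBEDTLS_USE_PSA_CRYPTO branch of mbedtls_test_ssl_endpoint_certificate_init, the key imported by `mbedtls_pk_import_into_psa(ep->pkey, &key_attr, &key_slot)` is tracked only by the local `key_slot` until `mbedtls_pk_setup_opaque(ep->pkey, key_slot)` succeeds. If that second TEST_EQUAL fails, `test_ssl_endpoint_certificate_free()` will not destroy the key, because it calls `psa_destroy_key()` only when `mbedtls_pk_get_type(ep->pkey) == MBEDTLS_PK_OPAQUE` and `ep->pkey` has just been re-initialised. The function's exit path lies outside the hunks shown, so this may already be handled there. If it is not, a line such as `if (mbedtls_pk_get_type(ep->pkey) != MBEDTLS_PK_OPAQUE) { psa_destroy_key(key_slot); }` ahead of the cleanup call would keep the imported test private key from outliving the endpoint. The pattern predates this commit, which only renames the accessors from `cert->` to `ep->`.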