PolarSSL v1.2.5
test_suite_x509parse.c
1 #include "fct.h"
2 
3 #include <polarssl/x509.h>
4 #include <polarssl/pem.h>
5 
/*
 * Certificate verification callback used by the tests to force a failure:
 * it ORs BADCERT_OTHER into *flags and returns 0.
 *
 * data, crt and certificate_depth are accepted only to match the callback
 * signature and are ignored.
 */
int verify_none( void *data, x509_cert *crt, int certificate_depth, int *flags )
{
    (void) data;
    (void) crt;
    (void) certificate_depth;

    *flags = *flags | BADCERT_OTHER;

    return 0;
}
15 
/*
 * Certificate verification callback used by the tests to force a pass:
 * it overwrites *flags with 0 and returns 0.
 *
 * data, crt and certificate_depth are ignored.
 *
 * NOTE(review): zeroing *flags discards whatever verification result was
 * recorded there before the callback ran, so this is a test fixture only;
 * a callback of this shape in application code would presumably accept
 * certificates the library had rejected -- confirm against the
 * x509parse_verify() callback contract.
 */
int verify_all( void *data, x509_cert *crt, int certificate_depth, int *flags )
{
    (void) data;
    (void) crt;
    (void) certificate_depth;

    *flags = 0;

    return 0;
}
25 
26 
27 #include <polarssl/config.h>
28 
29 #ifdef _MSC_VER
30 #include <basetsd.h>
31 typedef UINT32 uint32_t;
32 #else
33 #include <inttypes.h>
34 #endif
35 
36 /*
37  * 32-bit integer manipulation macros (big endian)
38  */
#ifndef GET_UINT32_BE
/*
 * Read the four bytes b[i] .. b[i + 3] as a big-endian value and store the
 * result in n. No bounds check is done: the caller must guarantee that
 * b has at least i + 4 bytes. b and i are expanded four times, so do not
 * pass expressions with side effects.
 */
#define GET_UINT32_BE(n,b,i)                            \
{                                                       \
    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
        | ( (uint32_t) (b)[(i) + 3]       );            \
}
#endif
48 
#ifndef PUT_UINT32_BE
/*
 * Store the 32-bit value n into b[i] .. b[i + 3], most significant byte
 * first. No bounds check is done: the caller must guarantee that b has
 * at least i + 4 bytes. n, b and i are each expanded four times, so do not
 * pass expressions with side effects.
 */
#define PUT_UINT32_BE(n,b,i)                            \
{                                                       \
    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
}
#endif
58 
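/*
 * Decode the NUL-terminated hex string ibuf into raw bytes at obuf.
 *
 * Both upper- and lower-case hex digits are accepted. Returns the number
 * of bytes written, i.e. strlen(ibuf) / 2.
 *
 * Malformed input (odd length, or a character that is not a hex digit)
 * trips an assert(). No output size is passed in: obuf must have room for
 * strlen(ibuf) / 2 bytes, and sizing it is the caller's responsibility.
 */
int unhexify(unsigned char *obuf, const char *ibuf)
{
    unsigned char c, c2;
    size_t ilen = strlen(ibuf);
    int len = (int) ( ilen / 2 );

    /*
     * The length must be even. The previous check used "% 1", which is
     * always 0 and therefore never fired; with an odd-length string the
     * loop below takes the terminator as the low nibble and then steps
     * past the end of ibuf.
     */
    assert( ilen % 2 == 0 );

    while (*ibuf != 0)
    {
        /* High nibble. */
        c = *ibuf++;
        if( c >= '0' && c <= '9' )
            c -= '0';
        else if( c >= 'a' && c <= 'f' )
            c -= 'a' - 10;
        else if( c >= 'A' && c <= 'F' )
            c -= 'A' - 10;
        else
            assert( 0 );

        /* Low nibble. */
        c2 = *ibuf++;
        if( c2 >= '0' && c2 <= '9' )
            c2 -= '0';
        else if( c2 >= 'a' && c2 <= 'f' )
            c2 -= 'a' - 10;
        else if( c2 >= 'A' && c2 <= 'F' )
            c2 -= 'A' - 10;
        else
            assert( 0 );

        *obuf++ = ( c << 4 ) | c2;
    }

    return len;
}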
92 
/*
 * Encode len bytes from ibuf as lower-case hex characters at obuf.
 *
 * Exactly 2 * len characters are written and no NUL terminator is
 * appended, so obuf must hold at least 2 * len bytes and the caller has to
 * terminate (or pre-zero) the buffer before treating it as a string.
 */
void hexify(unsigned char *obuf, const unsigned char *ibuf, int len)
{
    static const char digits[] = "0123456789abcdef";

    for( ; len != 0; len--, ibuf++ )
    {
        *obuf++ = digits[*ibuf / 16];   /* high nibble */
        *obuf++ = digits[*ibuf % 16];   /* low nibble */
    }
}
116 
/*
 * RNG callback for tests: fills output[0 .. len - 1] with bytes taken from
 * the C library rand() and returns 0. rng_state is ignored.
 *
 * rand() is not a cryptographically secure generator and its sequence is
 * fixed by the srand() seed, so this callback is only suitable for tests
 * and must not be used to produce real keys, nonces or padding.
 */
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
{
    (void) rng_state;

    for( ; len > 0; len-- )
        *output++ = (unsigned char) rand();

    return( 0 );
}
138 
/*
 * RNG callback for tests: writes len zero bytes to output and returns 0.
 * rng_state is ignored.
 *
 * The output is constant by design, which makes results reproducible; it
 * provides no randomness at all and is for test vectors only.
 */
static int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
{
    (void) rng_state;

    memset( output, 0x00, len );

    return( 0 );
}
153 
/*
 * State for rnd_buffer_rand(): a cursor over caller-supplied bytes that are
 * handed out in place of random data.
 */
typedef struct
{
    unsigned char *buf;     /* next byte to hand out; advanced as bytes are consumed */
    size_t length;          /* number of bytes still available at buf */
} rnd_buf_info;
159 
/*
 * RNG callback for tests: serves bytes from the rnd_buf_info passed as
 * rng_state, so a test can dictate the exact "random" values used.
 *
 * Up to len bytes are copied from info->buf, and the cursor and remaining
 * length in *info are updated. If the buffer runs out before len bytes
 * have been produced, the rest of output is filled by rnd_std_rand().
 * With rng_state == NULL the whole request goes to rnd_std_rand().
 *
 * Returns 0, or whatever rnd_std_rand() returns when it is used.
 * The output is predictable by construction; test use only.
 */
static int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
{
    rnd_buf_info *info = (rnd_buf_info *) rng_state;
    size_t from_buf, remaining;

    if( info == NULL )
        return( rnd_std_rand( NULL, output, len ) );

    /* Take as much as the buffer still holds, but no more than requested. */
    from_buf = ( len > info->length ) ? info->length : len;

    if( from_buf != 0 )
    {
        memcpy( output, info->buf, from_buf );
        info->buf += from_buf;
        info->length -= from_buf;
    }

    remaining = len - from_buf;
    if( remaining == 0 )
        return( 0 );

    /* Buffer exhausted: top up the tail from rand(). */
    return( rnd_std_rand( NULL, output + from_buf, remaining ) );
}
195 
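/*
 * State for rnd_pseudo_rand(). The caller fills it in before first use;
 * the same initial contents always give the same output stream.
 *
 * The closing line of this typedef is missing from the listing and is
 * restored here; the type name is the one rnd_pseudo_rand() casts to.
 */
typedef struct
{
    uint32_t key[16];       /* key words read by the mixing rounds */
    uint32_t v0, v1;        /* running state, updated on every call */
} rnd_pseudo_info;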
208 
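/*
 * Deterministic RNG callback for tests, driven by the rnd_pseudo_info
 * passed as rng_state.
 *
 * For every chunk of up to four output bytes, 32 XTEA-style mixing rounds
 * update info->v0 / info->v1 using info->key, and the big-endian bytes of
 * v0 are copied to the output. With rng_state == NULL the request is
 * passed to rnd_std_rand() instead.
 *
 * Returns 0 on the stateful path, or the result of rnd_std_rand().
 *
 * The stream is fully determined by the caller-supplied state, which is
 * what makes test results reproducible; it is not a source of key material.
 */
static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
{
    rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state;
    uint32_t i, *k, sum, delta=0x9E3779B9;
    unsigned char result[4];

    if( rng_state == NULL )
        return( rnd_std_rand( NULL, output, len ) );

    k = info->key;

    while( len > 0 )
    {
        size_t use_len = ( len > 4 ) ? 4 : len;
        sum = 0;

        for( i = 0; i < 32; i++ )
        {
            info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5)) + info->v1) ^ (sum + k[sum & 3]);
            sum += delta;
            info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5)) + info->v0) ^ (sum + k[(sum>>11) & 3]);
        }

        PUT_UINT32_BE( info->v0, result, 0 );
        memcpy( output, result, use_len );

        /*
         * Move the write position forward. Without this every chunk was
         * written over output[0..3], so for len > 4 the remaining bytes of
         * the caller's buffer were never filled in.
         */
        output += use_len;
        len -= use_len;
    }

    return( 0 );
}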
247 
248 
250 {
251 #ifdef POLARSSL_X509_PARSE_C
252 #ifdef POLARSSL_BIGNUM_C
253 
254 
255  FCT_SUITE_BGN(test_suite_x509parse)
256  {
257 #ifdef POLARSSL_PEM_C
258 #ifdef POLARSSL_FS_IO
259 
260  FCT_TEST_BGN(x509_certificate_information_1)
261  {
262  x509_cert crt;
263  char buf[2000];
264  int res;
265 
266  memset( &crt, 0, sizeof( x509_cert ) );
267  memset( buf, 0, 2000 );
268 
269  fct_chk( x509parse_crtfile( &crt, "data_files/server1.crt" ) == 0 );
270  res = x509parse_cert_info( buf, 2000, "", &crt );
271 
272  x509_free( &crt );
273 
274  fct_chk( res != -1 );
275  fct_chk( res != -2 );
276 
277  fct_chk( strcmp( buf, "cert. version : 3\nserial number : 01\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name : C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on : 2011-02-12 14:44:06\nexpires on : 2021-02-12 14:44:06\nsigned using : RSA+SHA1\nRSA key size : 2048 bits\n" ) == 0 );
278  }
279  FCT_TEST_END();
280 #endif /* POLARSSL_PEM_C */
281 #endif /* POLARSSL_FS_IO */
282 
283 #ifdef POLARSSL_PEM_C
284 #ifdef POLARSSL_FS_IO
285 
286  FCT_TEST_BGN(x509_certificate_information_2)
287  {
288  x509_cert crt;
289  char buf[2000];
290  int res;
291 
292  memset( &crt, 0, sizeof( x509_cert ) );
293  memset( buf, 0, 2000 );
294 
295  fct_chk( x509parse_crtfile( &crt, "data_files/server2.crt" ) == 0 );
296  res = x509parse_cert_info( buf, 2000, "", &crt );
297 
298  x509_free( &crt );
299 
300  fct_chk( res != -1 );
301  fct_chk( res != -2 );
302 
303  fct_chk( strcmp( buf, "cert. version : 3\nserial number : 02\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name : C=NL, O=PolarSSL, CN=localhost\nissued on : 2011-02-12 14:44:06\nexpires on : 2021-02-12 14:44:06\nsigned using : RSA+SHA1\nRSA key size : 2048 bits\n" ) == 0 );
304  }
305  FCT_TEST_END();
306 #endif /* POLARSSL_PEM_C */
307 #endif /* POLARSSL_FS_IO */
308 
309 #ifdef POLARSSL_PEM_C
310 #ifdef POLARSSL_FS_IO
311 
312  FCT_TEST_BGN(x509_certificate_information_3)
313  {
314  x509_cert crt;
315  char buf[2000];
316  int res;
317 
318  memset( &crt, 0, sizeof( x509_cert ) );
319  memset( buf, 0, 2000 );
320 
321  fct_chk( x509parse_crtfile( &crt, "data_files/test-ca.crt" ) == 0 );
322  res = x509parse_cert_info( buf, 2000, "", &crt );
323 
324  x509_free( &crt );
325 
326  fct_chk( res != -1 );
327  fct_chk( res != -2 );
328 
329  fct_chk( strcmp( buf, "cert. version : 3\nserial number : 00\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on : 2011-02-12 14:44:00\nexpires on : 2021-02-12 14:44:00\nsigned using : RSA+SHA1\nRSA key size : 2048 bits\n" ) == 0 );
330  }
331  FCT_TEST_END();
332 #endif /* POLARSSL_PEM_C */
333 #endif /* POLARSSL_FS_IO */
334 
335 #ifdef POLARSSL_PEM_C
336 #ifdef POLARSSL_FS_IO
337 
338  FCT_TEST_BGN(x509_certificate_information_md2_digest)
339  {
340  x509_cert crt;
341  char buf[2000];
342  int res;
343 
344  memset( &crt, 0, sizeof( x509_cert ) );
345  memset( buf, 0, 2000 );
346 
347  fct_chk( x509parse_crtfile( &crt, "data_files/cert_md2.crt" ) == 0 );
348  res = x509parse_cert_info( buf, 2000, "", &crt );
349 
350  x509_free( &crt );
351 
352  fct_chk( res != -1 );
353  fct_chk( res != -2 );
354 
355  fct_chk( strcmp( buf, "cert. version : 3\nserial number : 09\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name : C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on : 2009-07-12 10:56:59\nexpires on : 2011-07-12 10:56:59\nsigned using : RSA+MD2\nRSA key size : 2048 bits\n" ) == 0 );
356  }
357  FCT_TEST_END();
358 #endif /* POLARSSL_PEM_C */
359 #endif /* POLARSSL_FS_IO */
360 
361 #ifdef POLARSSL_PEM_C
362 #ifdef POLARSSL_FS_IO
363 
364  FCT_TEST_BGN(x509_certificate_information_md4_digest)
365  {
366  x509_cert crt;
367  char buf[2000];
368  int res;
369 
370  memset( &crt, 0, sizeof( x509_cert ) );
371  memset( buf, 0, 2000 );
372 
373  fct_chk( x509parse_crtfile( &crt, "data_files/cert_md4.crt" ) == 0 );
374  res = x509parse_cert_info( buf, 2000, "", &crt );
375 
376  x509_free( &crt );
377 
378  fct_chk( res != -1 );
379  fct_chk( res != -2 );
380 
381  fct_chk( strcmp( buf, "cert. version : 3\nserial number : 05\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name : C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on : 2011-02-12 14:44:07\nexpires on : 2021-02-12 14:44:07\nsigned using : RSA+MD4\nRSA key size : 2048 bits\n" ) == 0 );
382  }
383  FCT_TEST_END();
384 #endif /* POLARSSL_PEM_C */
385 #endif /* POLARSSL_FS_IO */
386 
387 #ifdef POLARSSL_PEM_C
388 #ifdef POLARSSL_FS_IO
389 
390  FCT_TEST_BGN(x509_certificate_information_md5_digest)
391  {
392  x509_cert crt;
393  char buf[2000];
394  int res;
395 
396  memset( &crt, 0, sizeof( x509_cert ) );
397  memset( buf, 0, 2000 );
398 
399  fct_chk( x509parse_crtfile( &crt, "data_files/cert_md5.crt" ) == 0 );
400  res = x509parse_cert_info( buf, 2000, "", &crt );
401 
402  x509_free( &crt );
403 
404  fct_chk( res != -1 );
405  fct_chk( res != -2 );
406 
407  fct_chk( strcmp( buf, "cert. version : 3\nserial number : 06\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name : C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on : 2011-02-12 14:44:07\nexpires on : 2021-02-12 14:44:07\nsigned using : RSA+MD5\nRSA key size : 2048 bits\n" ) == 0 );
408  }
409  FCT_TEST_END();
410 #endif /* POLARSSL_PEM_C */
411 #endif /* POLARSSL_FS_IO */
412 
413 #ifdef POLARSSL_PEM_C
414 #ifdef POLARSSL_FS_IO
415 
416  FCT_TEST_BGN(x509_certificate_information_sha1_digest)
417  {
418  x509_cert crt;
419  char buf[2000];
420  int res;
421 
422  memset( &crt, 0, sizeof( x509_cert ) );
423  memset( buf, 0, 2000 );
424 
425  fct_chk( x509parse_crtfile( &crt, "data_files/cert_sha1.crt" ) == 0 );
426  res = x509parse_cert_info( buf, 2000, "", &crt );
427 
428  x509_free( &crt );
429 
430  fct_chk( res != -1 );
431  fct_chk( res != -2 );
432 
433  fct_chk( strcmp( buf, "cert. version : 3\nserial number : 07\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name : C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on : 2011-02-12 14:44:07\nexpires on : 2021-02-12 14:44:07\nsigned using : RSA+SHA1\nRSA key size : 2048 bits\n" ) == 0 );
434  }
435  FCT_TEST_END();
436 #endif /* POLARSSL_PEM_C */
437 #endif /* POLARSSL_FS_IO */
438 
439 #ifdef POLARSSL_PEM_C
440 #ifdef POLARSSL_FS_IO
441 
442  FCT_TEST_BGN(x509_certificate_information_sha224_digest)
443  {
444  x509_cert crt;
445  char buf[2000];
446  int res;
447 
448  memset( &crt, 0, sizeof( x509_cert ) );
449  memset( buf, 0, 2000 );
450 
451  fct_chk( x509parse_crtfile( &crt, "data_files/cert_sha224.crt" ) == 0 );
452  res = x509parse_cert_info( buf, 2000, "", &crt );
453 
454  x509_free( &crt );
455 
456  fct_chk( res != -1 );
457  fct_chk( res != -2 );
458 
459  fct_chk( strcmp( buf, "cert. version : 3\nserial number : 08\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name : C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on : 2011-02-12 14:44:07\nexpires on : 2021-02-12 14:44:07\nsigned using : RSA+SHA224\nRSA key size : 2048 bits\n" ) == 0 );
460  }
461  FCT_TEST_END();
462 #endif /* POLARSSL_PEM_C */
463 #endif /* POLARSSL_FS_IO */
464 
465 #ifdef POLARSSL_PEM_C
466 #ifdef POLARSSL_FS_IO
467 
468  FCT_TEST_BGN(x509_certificate_information_sha256_digest)
469  {
470  x509_cert crt;
471  char buf[2000];
472  int res;
473 
474  memset( &crt, 0, sizeof( x509_cert ) );
475  memset( buf, 0, 2000 );
476 
477  fct_chk( x509parse_crtfile( &crt, "data_files/cert_sha256.crt" ) == 0 );
478  res = x509parse_cert_info( buf, 2000, "", &crt );
479 
480  x509_free( &crt );
481 
482  fct_chk( res != -1 );
483  fct_chk( res != -2 );
484 
485  fct_chk( strcmp( buf, "cert. version : 3\nserial number : 09\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name : C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on : 2011-02-12 14:44:07\nexpires on : 2021-02-12 14:44:07\nsigned using : RSA+SHA256\nRSA key size : 2048 bits\n" ) == 0 );
486  }
487  FCT_TEST_END();
488 #endif /* POLARSSL_PEM_C */
489 #endif /* POLARSSL_FS_IO */
490 
491 #ifdef POLARSSL_PEM_C
492 #ifdef POLARSSL_FS_IO
493 
494  FCT_TEST_BGN(x509_certificate_information_sha384_digest)
495  {
496  x509_cert crt;
497  char buf[2000];
498  int res;
499 
500  memset( &crt, 0, sizeof( x509_cert ) );
501  memset( buf, 0, 2000 );
502 
503  fct_chk( x509parse_crtfile( &crt, "data_files/cert_sha384.crt" ) == 0 );
504  res = x509parse_cert_info( buf, 2000, "", &crt );
505 
506  x509_free( &crt );
507 
508  fct_chk( res != -1 );
509  fct_chk( res != -2 );
510 
511  fct_chk( strcmp( buf, "cert. version : 3\nserial number : 0A\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name : C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on : 2011-02-12 14:44:07\nexpires on : 2021-02-12 14:44:07\nsigned using : RSA+SHA384\nRSA key size : 2048 bits\n" ) == 0 );
512  }
513  FCT_TEST_END();
514 #endif /* POLARSSL_PEM_C */
515 #endif /* POLARSSL_FS_IO */
516 
517 #ifdef POLARSSL_PEM_C
518 #ifdef POLARSSL_FS_IO
519 
520  FCT_TEST_BGN(x509_certificate_information_sha512_digest)
521  {
522  x509_cert crt;
523  char buf[2000];
524  int res;
525 
526  memset( &crt, 0, sizeof( x509_cert ) );
527  memset( buf, 0, 2000 );
528 
529  fct_chk( x509parse_crtfile( &crt, "data_files/cert_sha512.crt" ) == 0 );
530  res = x509parse_cert_info( buf, 2000, "", &crt );
531 
532  x509_free( &crt );
533 
534  fct_chk( res != -1 );
535  fct_chk( res != -2 );
536 
537  fct_chk( strcmp( buf, "cert. version : 3\nserial number : 0B\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name : C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on : 2011-02-12 14:44:07\nexpires on : 2021-02-12 14:44:07\nsigned using : RSA+SHA512\nRSA key size : 2048 bits\n" ) == 0 );
538  }
539  FCT_TEST_END();
540 #endif /* POLARSSL_PEM_C */
541 #endif /* POLARSSL_FS_IO */
542 
543 #ifdef POLARSSL_PEM_C
544 #ifdef POLARSSL_FS_IO
545 
546  FCT_TEST_BGN(x509_crl_information_1)
547  {
548  x509_crl crl;
549  char buf[2000];
550  int res;
551 
552  memset( &crl, 0, sizeof( x509_crl ) );
553  memset( buf, 0, 2000 );
554 
555  fct_chk( x509parse_crlfile( &crl, "data_files/crl_expired.pem" ) == 0 );
556  res = x509parse_crl_info( buf, 2000, "", &crl );
557 
558  x509_crl_free( &crl );
559 
560  fct_chk( res != -1 );
561  fct_chk( res != -2 );
562 
563  fct_chk( strcmp( buf, "CRL version : 1\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update : 2011-02-20 10:24:19\nnext update : 2011-02-20 11:24:19\nRevoked certificates:\nserial number: 01 revocation date: 2011-02-12 14:44:07\nserial number: 03 revocation date: 2011-02-12 14:44:07\nsigned using : RSA+SHA1\n" ) == 0 );
564  }
565  FCT_TEST_END();
566 #endif /* POLARSSL_PEM_C */
567 #endif /* POLARSSL_FS_IO */
568 
569 #ifdef POLARSSL_PEM_C
570 #ifdef POLARSSL_FS_IO
571 
572  FCT_TEST_BGN(x509_crl_information_md2_digest)
573  {
574  x509_crl crl;
575  char buf[2000];
576  int res;
577 
578  memset( &crl, 0, sizeof( x509_crl ) );
579  memset( buf, 0, 2000 );
580 
581  fct_chk( x509parse_crlfile( &crl, "data_files/crl_md2.pem" ) == 0 );
582  res = x509parse_crl_info( buf, 2000, "", &crl );
583 
584  x509_crl_free( &crl );
585 
586  fct_chk( res != -1 );
587  fct_chk( res != -2 );
588 
589  fct_chk( strcmp( buf, "CRL version : 1\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update : 2009-07-19 19:56:37\nnext update : 2009-09-17 19:56:37\nRevoked certificates:\nserial number: 01 revocation date: 2009-02-09 21:12:36\nserial number: 03 revocation date: 2009-02-09 21:12:36\nsigned using : RSA+MD2\n" ) == 0 );
590  }
591  FCT_TEST_END();
592 #endif /* POLARSSL_PEM_C */
593 #endif /* POLARSSL_FS_IO */
594 
595 #ifdef POLARSSL_PEM_C
596 #ifdef POLARSSL_FS_IO
597 
598  FCT_TEST_BGN(x509_crl_information_md4_digest)
599  {
600  x509_crl crl;
601  char buf[2000];
602  int res;
603 
604  memset( &crl, 0, sizeof( x509_crl ) );
605  memset( buf, 0, 2000 );
606 
607  fct_chk( x509parse_crlfile( &crl, "data_files/crl_md4.pem" ) == 0 );
608  res = x509parse_crl_info( buf, 2000, "", &crl );
609 
610  x509_crl_free( &crl );
611 
612  fct_chk( res != -1 );
613  fct_chk( res != -2 );
614 
615  fct_chk( strcmp( buf, "CRL version : 1\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update : 2011-02-12 14:44:07\nnext update : 2011-04-13 14:44:07\nRevoked certificates:\nserial number: 01 revocation date: 2011-02-12 14:44:07\nserial number: 03 revocation date: 2011-02-12 14:44:07\nsigned using : RSA+MD4\n" ) == 0 );
616  }
617  FCT_TEST_END();
618 #endif /* POLARSSL_PEM_C */
619 #endif /* POLARSSL_FS_IO */
620 
621 #ifdef POLARSSL_PEM_C
622 #ifdef POLARSSL_FS_IO
623 
624  FCT_TEST_BGN(x509_crl_information_md5_digest)
625  {
626  x509_crl crl;
627  char buf[2000];
628  int res;
629 
630  memset( &crl, 0, sizeof( x509_crl ) );
631  memset( buf, 0, 2000 );
632 
633  fct_chk( x509parse_crlfile( &crl, "data_files/crl_md5.pem" ) == 0 );
634  res = x509parse_crl_info( buf, 2000, "", &crl );
635 
636  x509_crl_free( &crl );
637 
638  fct_chk( res != -1 );
639  fct_chk( res != -2 );
640 
641  fct_chk( strcmp( buf, "CRL version : 1\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update : 2011-02-12 14:44:07\nnext update : 2011-04-13 14:44:07\nRevoked certificates:\nserial number: 01 revocation date: 2011-02-12 14:44:07\nserial number: 03 revocation date: 2011-02-12 14:44:07\nsigned using : RSA+MD5\n" ) == 0 );
642  }
643  FCT_TEST_END();
644 #endif /* POLARSSL_PEM_C */
645 #endif /* POLARSSL_FS_IO */
646 
647 #ifdef POLARSSL_PEM_C
648 #ifdef POLARSSL_FS_IO
649 
650  FCT_TEST_BGN(x509_crl_information_sha1_digest)
651  {
652  x509_crl crl;
653  char buf[2000];
654  int res;
655 
656  memset( &crl, 0, sizeof( x509_crl ) );
657  memset( buf, 0, 2000 );
658 
659  fct_chk( x509parse_crlfile( &crl, "data_files/crl_sha1.pem" ) == 0 );
660  res = x509parse_crl_info( buf, 2000, "", &crl );
661 
662  x509_crl_free( &crl );
663 
664  fct_chk( res != -1 );
665  fct_chk( res != -2 );
666 
667  fct_chk( strcmp( buf, "CRL version : 1\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update : 2011-02-12 14:44:07\nnext update : 2011-04-13 14:44:07\nRevoked certificates:\nserial number: 01 revocation date: 2011-02-12 14:44:07\nserial number: 03 revocation date: 2011-02-12 14:44:07\nsigned using : RSA+SHA1\n" ) == 0 );
668  }
669  FCT_TEST_END();
670 #endif /* POLARSSL_PEM_C */
671 #endif /* POLARSSL_FS_IO */
672 
673 #ifdef POLARSSL_PEM_C
674 #ifdef POLARSSL_FS_IO
675 
676  FCT_TEST_BGN(x509_crl_information_sha224_digest)
677  {
678  x509_crl crl;
679  char buf[2000];
680  int res;
681 
682  memset( &crl, 0, sizeof( x509_crl ) );
683  memset( buf, 0, 2000 );
684 
685  fct_chk( x509parse_crlfile( &crl, "data_files/crl_sha224.pem" ) == 0 );
686  res = x509parse_crl_info( buf, 2000, "", &crl );
687 
688  x509_crl_free( &crl );
689 
690  fct_chk( res != -1 );
691  fct_chk( res != -2 );
692 
693  fct_chk( strcmp( buf, "CRL version : 1\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update : 2011-02-12 14:44:07\nnext update : 2011-04-13 14:44:07\nRevoked certificates:\nserial number: 01 revocation date: 2011-02-12 14:44:07\nserial number: 03 revocation date: 2011-02-12 14:44:07\nsigned using : RSA+SHA224\n" ) == 0 );
694  }
695  FCT_TEST_END();
696 #endif /* POLARSSL_PEM_C */
697 #endif /* POLARSSL_FS_IO */
698 
699 #ifdef POLARSSL_PEM_C
700 #ifdef POLARSSL_FS_IO
701 
702  FCT_TEST_BGN(x509_crl_information_sha256_digest)
703  {
704  x509_crl crl;
705  char buf[2000];
706  int res;
707 
708  memset( &crl, 0, sizeof( x509_crl ) );
709  memset( buf, 0, 2000 );
710 
711  fct_chk( x509parse_crlfile( &crl, "data_files/crl_sha256.pem" ) == 0 );
712  res = x509parse_crl_info( buf, 2000, "", &crl );
713 
714  x509_crl_free( &crl );
715 
716  fct_chk( res != -1 );
717  fct_chk( res != -2 );
718 
719  fct_chk( strcmp( buf, "CRL version : 1\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update : 2011-02-12 14:44:07\nnext update : 2011-04-13 14:44:07\nRevoked certificates:\nserial number: 01 revocation date: 2011-02-12 14:44:07\nserial number: 03 revocation date: 2011-02-12 14:44:07\nsigned using : RSA+SHA256\n" ) == 0 );
720  }
721  FCT_TEST_END();
722 #endif /* POLARSSL_PEM_C */
723 #endif /* POLARSSL_FS_IO */
724 
725 #ifdef POLARSSL_PEM_C
726 #ifdef POLARSSL_FS_IO
727 
728  FCT_TEST_BGN(x509_crl_information_sha384_digest)
729  {
730  x509_crl crl;
731  char buf[2000];
732  int res;
733 
734  memset( &crl, 0, sizeof( x509_crl ) );
735  memset( buf, 0, 2000 );
736 
737  fct_chk( x509parse_crlfile( &crl, "data_files/crl_sha384.pem" ) == 0 );
738  res = x509parse_crl_info( buf, 2000, "", &crl );
739 
740  x509_crl_free( &crl );
741 
742  fct_chk( res != -1 );
743  fct_chk( res != -2 );
744 
745  fct_chk( strcmp( buf, "CRL version : 1\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update : 2011-02-12 14:44:07\nnext update : 2011-04-13 14:44:07\nRevoked certificates:\nserial number: 01 revocation date: 2011-02-12 14:44:07\nserial number: 03 revocation date: 2011-02-12 14:44:07\nsigned using : RSA+SHA384\n" ) == 0 );
746  }
747  FCT_TEST_END();
748 #endif /* POLARSSL_PEM_C */
749 #endif /* POLARSSL_FS_IO */
750 
751 #ifdef POLARSSL_PEM_C
752 #ifdef POLARSSL_FS_IO
753 
754  FCT_TEST_BGN(x509_crl_information_sha512_digest)
755  {
756  x509_crl crl;
757  char buf[2000];
758  int res;
759 
760  memset( &crl, 0, sizeof( x509_crl ) );
761  memset( buf, 0, 2000 );
762 
763  fct_chk( x509parse_crlfile( &crl, "data_files/crl_sha512.pem" ) == 0 );
764  res = x509parse_crl_info( buf, 2000, "", &crl );
765 
766  x509_crl_free( &crl );
767 
768  fct_chk( res != -1 );
769  fct_chk( res != -2 );
770 
771  fct_chk( strcmp( buf, "CRL version : 1\nissuer name : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update : 2011-02-12 14:44:07\nnext update : 2011-04-13 14:44:07\nRevoked certificates:\nserial number: 01 revocation date: 2011-02-12 14:44:07\nserial number: 03 revocation date: 2011-02-12 14:44:07\nsigned using : RSA+SHA512\n" ) == 0 );
772  }
773  FCT_TEST_END();
774 #endif /* POLARSSL_PEM_C */
775 #endif /* POLARSSL_FS_IO */
776 
777 #ifdef POLARSSL_MD5_C
778 #ifdef POLARSSL_PEM_C
779 #ifdef POLARSSL_FS_IO
780 
781  FCT_TEST_BGN(x509_parse_key_1_no_password_when_required)
782  {
783  rsa_context rsa;
784  int res;
785 
786  memset( &rsa, 0, sizeof( rsa_context ) );
787 
788  res = x509parse_keyfile( &rsa, "data_files/test-ca.key", NULL );
789 
790  fct_chk( res == POLARSSL_ERR_PEM_PASSWORD_REQUIRED );
791 
792  if( res == 0 )
793  {
794  fct_chk( rsa_check_privkey( &rsa ) == 0 );
795  }
796 
797  rsa_free( &rsa );
798  }
799  FCT_TEST_END();
800 #endif /* POLARSSL_MD5_C */
801 #endif /* POLARSSL_PEM_C */
802 #endif /* POLARSSL_FS_IO */
803 
804 #ifdef POLARSSL_MD5_C
805 #ifdef POLARSSL_PEM_C
806 #ifdef POLARSSL_FS_IO
807 
808  FCT_TEST_BGN(x509_parse_key_2_correct_password)
809  {
810  rsa_context rsa;
811  int res;
812 
813  memset( &rsa, 0, sizeof( rsa_context ) );
814 
815  res = x509parse_keyfile( &rsa, "data_files/test-ca.key", "PolarSSLTest" );
816 
817  fct_chk( res == 0 );
818 
819  if( res == 0 )
820  {
821  fct_chk( rsa_check_privkey( &rsa ) == 0 );
822  }
823 
824  rsa_free( &rsa );
825  }
826  FCT_TEST_END();
827 #endif /* POLARSSL_MD5_C */
828 #endif /* POLARSSL_PEM_C */
829 #endif /* POLARSSL_FS_IO */
830 
831 #ifdef POLARSSL_MD5_C
832 #ifdef POLARSSL_PEM_C
833 #ifdef POLARSSL_FS_IO
834 
835  FCT_TEST_BGN(x509_parse_key_3_wrong_password)
836  {
837  rsa_context rsa;
838  int res;
839 
840  memset( &rsa, 0, sizeof( rsa_context ) );
841 
842  res = x509parse_keyfile( &rsa, "data_files/test-ca.key", "PolarSSLWRONG" );
843 
844  fct_chk( res == POLARSSL_ERR_PEM_PASSWORD_MISMATCH );
845 
846  if( res == 0 )
847  {
848  fct_chk( rsa_check_privkey( &rsa ) == 0 );
849  }
850 
851  rsa_free( &rsa );
852  }
853  FCT_TEST_END();
854 #endif /* POLARSSL_MD5_C */
855 #endif /* POLARSSL_PEM_C */
856 #endif /* POLARSSL_FS_IO */
857 
858 #ifdef POLARSSL_MD5_C
859 #ifdef POLARSSL_DES_C
860 #ifdef POLARSSL_PEM_C
861 #ifdef POLARSSL_FS_IO
862 
863  FCT_TEST_BGN(x509_parse_key_4_des_encrypted)
864  {
865  rsa_context rsa;
866  int res;
867 
868  memset( &rsa, 0, sizeof( rsa_context ) );
869 
870  res = x509parse_keyfile( &rsa, "data_files/keyfile.des", "testkey" );
871 
872  fct_chk( res == 0 );
873 
874  if( res == 0 )
875  {
876  fct_chk( rsa_check_privkey( &rsa ) == 0 );
877  }
878 
879  rsa_free( &rsa );
880  }
881  FCT_TEST_END();
882 #endif /* POLARSSL_MD5_C */
883 #endif /* POLARSSL_DES_C */
884 #endif /* POLARSSL_PEM_C */
885 #endif /* POLARSSL_FS_IO */
886 
887 #ifdef POLARSSL_MD5_C
888 #ifdef POLARSSL_DES_C
889 #ifdef POLARSSL_PEM_C
890 #ifdef POLARSSL_FS_IO
891 
892  FCT_TEST_BGN(x509_parse_key_5_3des_encrypted)
893  {
894  rsa_context rsa;
895  int res;
896 
897  memset( &rsa, 0, sizeof( rsa_context ) );
898 
899  res = x509parse_keyfile( &rsa, "data_files/keyfile.3des", "testkey" );
900 
901  fct_chk( res == 0 );
902 
903  if( res == 0 )
904  {
905  fct_chk( rsa_check_privkey( &rsa ) == 0 );
906  }
907 
908  rsa_free( &rsa );
909  }
910  FCT_TEST_END();
911 #endif /* POLARSSL_MD5_C */
912 #endif /* POLARSSL_DES_C */
913 #endif /* POLARSSL_PEM_C */
914 #endif /* POLARSSL_FS_IO */
915 
916 #ifdef POLARSSL_MD5_C
917 #ifdef POLARSSL_AES_C
918 #ifdef POLARSSL_PEM_C
919 #ifdef POLARSSL_FS_IO
920 
921  FCT_TEST_BGN(x509_parse_key_6_aes_128_encrypted)
922  {
923  rsa_context rsa;
924  int res;
925 
926  memset( &rsa, 0, sizeof( rsa_context ) );
927 
928  res = x509parse_keyfile( &rsa, "data_files/keyfile.aes128", "testkey" );
929 
930  fct_chk( res == 0 );
931 
932  if( res == 0 )
933  {
934  fct_chk( rsa_check_privkey( &rsa ) == 0 );
935  }
936 
937  rsa_free( &rsa );
938  }
939  FCT_TEST_END();
940 #endif /* POLARSSL_MD5_C */
941 #endif /* POLARSSL_AES_C */
942 #endif /* POLARSSL_PEM_C */
943 #endif /* POLARSSL_FS_IO */
944 
945 #ifdef POLARSSL_MD5_C
946 #ifdef POLARSSL_AES_C
947 #ifdef POLARSSL_PEM_C
948 #ifdef POLARSSL_FS_IO
949 
950  FCT_TEST_BGN(x509_parse_key_7_aes_192_encrypted)
951  {
952  rsa_context rsa;
953  int res;
954 
955  memset( &rsa, 0, sizeof( rsa_context ) );
956 
957  res = x509parse_keyfile( &rsa, "data_files/keyfile.aes192", "testkey" );
958 
959  fct_chk( res == 0 );
960 
961  if( res == 0 )
962  {
963  fct_chk( rsa_check_privkey( &rsa ) == 0 );
964  }
965 
966  rsa_free( &rsa );
967  }
968  FCT_TEST_END();
969 #endif /* POLARSSL_MD5_C */
970 #endif /* POLARSSL_AES_C */
971 #endif /* POLARSSL_PEM_C */
972 #endif /* POLARSSL_FS_IO */
973 
974 #ifdef POLARSSL_MD5_C
975 #ifdef POLARSSL_AES_C
976 #ifdef POLARSSL_PEM_C
977 #ifdef POLARSSL_FS_IO
978 
979  FCT_TEST_BGN(x509_parse_key_8_aes_256_encrypted)
980  {
981  rsa_context rsa;
982  int res;
983 
984  memset( &rsa, 0, sizeof( rsa_context ) );
985 
986  res = x509parse_keyfile( &rsa, "data_files/keyfile.aes256", "testkey" );
987 
988  fct_chk( res == 0 );
989 
990  if( res == 0 )
991  {
992  fct_chk( rsa_check_privkey( &rsa ) == 0 );
993  }
994 
995  rsa_free( &rsa );
996  }
997  FCT_TEST_END();
998 #endif /* POLARSSL_MD5_C */
999 #endif /* POLARSSL_AES_C */
1000 #endif /* POLARSSL_PEM_C */
1001 #endif /* POLARSSL_FS_IO */
1002 
1003 #ifdef POLARSSL_MD5_C
1004 #ifdef POLARSSL_PEM_C
1005 #ifdef POLARSSL_FS_IO
1006 
1007  FCT_TEST_BGN(x509_parse_key_9_pkcs8_wrapped)
1008  {
1009  rsa_context rsa;
1010  int res;
1011 
1012  memset( &rsa, 0, sizeof( rsa_context ) );
1013 
1014  res = x509parse_keyfile( &rsa, "data_files/format_gen.key", "" );
1015 
1016  fct_chk( res == 0 );
1017 
1018  if( res == 0 )
1019  {
1020  fct_chk( rsa_check_privkey( &rsa ) == 0 );
1021  }
1022 
1023  rsa_free( &rsa );
1024  }
1025  FCT_TEST_END();
1026 #endif /* POLARSSL_MD5_C */
1027 #endif /* POLARSSL_PEM_C */
1028 #endif /* POLARSSL_FS_IO */
1029 
1030 #ifdef POLARSSL_MD5_C
1031 #ifdef POLARSSL_PEM_C
1032 #ifdef POLARSSL_FS_IO
1033 
1034  FCT_TEST_BGN(x509_parse_public_key_1_pkcs8_wrapped)
1035  {
1036  rsa_context rsa;
1037  int res;
1038 
1039  memset( &rsa, 0, sizeof( rsa_context ) );
1040 
1041  res = x509parse_public_keyfile( &rsa, "data_files/format_gen.pub" );
1042 
1043  fct_chk( res == 0 );
1044 
1045  if( res == 0 )
1046  {
1047  fct_chk( rsa_check_pubkey( &rsa ) == 0 );
1048  }
1049 
1050  rsa_free( &rsa );
1051  }
1052  FCT_TEST_END();
1053 #endif /* POLARSSL_MD5_C */
1054 #endif /* POLARSSL_PEM_C */
1055 #endif /* POLARSSL_FS_IO */
1056 
1057 #ifdef POLARSSL_PEM_C
1058 #ifdef POLARSSL_FS_IO
1059 
1060  FCT_TEST_BGN(x509_get_distinguished_name_1)
1061  {
1062  x509_cert crt;
1063  char buf[2000];
1064  int res;
1065 
1066  memset( &crt, 0, sizeof( x509_cert ) );
1067  memset( buf, 0, 2000 );
1068 
1069  fct_chk( x509parse_crtfile( &crt, "data_files/server1.crt" ) == 0 );
1070  res = x509parse_dn_gets( buf, 2000, &crt.subject );
1071 
1072  x509_free( &crt );
1073 
1074  fct_chk( res != -1 );
1075  fct_chk( res != -2 );
1076 
1077  fct_chk( strcmp( buf, "C=NL, O=PolarSSL, CN=PolarSSL Server 1" ) == 0 );
1078  }
1079  FCT_TEST_END();
1080 #endif /* POLARSSL_PEM_C */
1081 #endif /* POLARSSL_FS_IO */
1082 
1083 #ifdef POLARSSL_PEM_C
1084 #ifdef POLARSSL_FS_IO
1085 
1086  FCT_TEST_BGN(x509_get_distinguished_name_2)
1087  {
1088  x509_cert crt;
1089  char buf[2000];
1090  int res;
1091 
1092  memset( &crt, 0, sizeof( x509_cert ) );
1093  memset( buf, 0, 2000 );
1094 
1095  fct_chk( x509parse_crtfile( &crt, "data_files/server1.crt" ) == 0 );
1096  res = x509parse_dn_gets( buf, 2000, &crt.issuer );
1097 
1098  x509_free( &crt );
1099 
1100  fct_chk( res != -1 );
1101  fct_chk( res != -2 );
1102 
1103  fct_chk( strcmp( buf, "C=NL, O=PolarSSL, CN=PolarSSL Test CA" ) == 0 );
1104  }
1105  FCT_TEST_END();
1106 #endif /* POLARSSL_PEM_C */
1107 #endif /* POLARSSL_FS_IO */
1108 
1109 #ifdef POLARSSL_PEM_C
1110 #ifdef POLARSSL_FS_IO
1111 
1112  FCT_TEST_BGN(x509_get_distinguished_name_3)
1113  {
1114  x509_cert crt;
1115  char buf[2000];
1116  int res;
1117 
1118  memset( &crt, 0, sizeof( x509_cert ) );
1119  memset( buf, 0, 2000 );
1120 
1121  fct_chk( x509parse_crtfile( &crt, "data_files/server2.crt" ) == 0 );
1122  res = x509parse_dn_gets( buf, 2000, &crt.subject );
1123 
1124  x509_free( &crt );
1125 
1126  fct_chk( res != -1 );
1127  fct_chk( res != -2 );
1128 
1129  fct_chk( strcmp( buf, "C=NL, O=PolarSSL, CN=localhost" ) == 0 );
1130  }
1131  FCT_TEST_END();
1132 #endif /* POLARSSL_PEM_C */
1133 #endif /* POLARSSL_FS_IO */
1134 
1135 #ifdef POLARSSL_PEM_C
1136 #ifdef POLARSSL_FS_IO
1137 
1138  FCT_TEST_BGN(x509_get_distinguished_name_4)
1139  {
1140  x509_cert crt;
1141  char buf[2000];
1142  int res;
1143 
1144  memset( &crt, 0, sizeof( x509_cert ) );
1145  memset( buf, 0, 2000 );
1146 
1147  fct_chk( x509parse_crtfile( &crt, "data_files/server2.crt" ) == 0 );
1148  res = x509parse_dn_gets( buf, 2000, &crt.issuer );
1149 
1150  x509_free( &crt );
1151 
1152  fct_chk( res != -1 );
1153  fct_chk( res != -2 );
1154 
1155  fct_chk( strcmp( buf, "C=NL, O=PolarSSL, CN=PolarSSL Test CA" ) == 0 );
1156  }
1157  FCT_TEST_END();
1158 #endif /* POLARSSL_PEM_C */
1159 #endif /* POLARSSL_FS_IO */
1160 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * The valid_from timestamp of data_files/server1.crt must be
     * reported as "expired" (1), i.e. as lying in the past.
     * NOTE(review): x509parse_time_expired() presumably compares against
     * the host clock, so the outcome depends on the machine's time.
     */
    FCT_TEST_BGN(x509_time_expired_1)
    {
        x509_cert crt;

        memset( &crt, 0, sizeof( crt ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server1.crt" ) == 0 );
        fct_chk( x509parse_time_expired( &crt.valid_from ) == 1 );

        x509_free( &crt );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1178 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * The valid_to timestamp of data_files/server1.crt must not be
     * reported as expired (0).
     * NOTE(review): presumably evaluated against the host clock, so this
     * check stops passing once the fixture's end date is reached or when
     * the clock is wrong; regenerate the fixture before that date.
     */
    FCT_TEST_BGN(x509_time_expired_2)
    {
        x509_cert crt;

        memset( &crt, 0, sizeof( crt ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server1.crt" ) == 0 );
        fct_chk( x509parse_time_expired( &crt.valid_to ) == 0 );

        x509_free( &crt );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1196 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * The valid_from timestamp of data_files/server2.crt must be
     * reported as "expired" (1), i.e. as lying in the past.
     * NOTE(review): presumably evaluated against the host clock.
     */
    FCT_TEST_BGN(x509_time_expired_3)
    {
        x509_cert crt;

        memset( &crt, 0, sizeof( crt ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server2.crt" ) == 0 );
        fct_chk( x509parse_time_expired( &crt.valid_from ) == 1 );

        x509_free( &crt );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1214 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * The valid_to timestamp of data_files/server2.crt must not be
     * reported as expired (0).
     * NOTE(review): presumably evaluated against the host clock, so the
     * check is only stable while the fixture is inside its validity
     * period.
     */
    FCT_TEST_BGN(x509_time_expired_4)
    {
        x509_cert crt;

        memset( &crt, 0, sizeof( crt ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server2.crt" ) == 0 );
        fct_chk( x509parse_time_expired( &crt.valid_to ) == 0 );

        x509_free( &crt );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1232 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * The valid_from timestamp of data_files/test-ca.crt must be
     * reported as "expired" (1), i.e. as lying in the past.
     * NOTE(review): presumably evaluated against the host clock.
     */
    FCT_TEST_BGN(x509_time_expired_5)
    {
        x509_cert crt;

        memset( &crt, 0, sizeof( crt ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_time_expired( &crt.valid_from ) == 1 );

        x509_free( &crt );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1250 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * The valid_to timestamp of data_files/test-ca.crt must not be
     * reported as expired (0).
     * NOTE(review): presumably evaluated against the host clock. Every
     * verification test that trusts test-ca.crt depends on the same date.
     * NOTE(review): the "6polarssl_fs_io" suffix of the test name looks
     * like a generator artifact; the name is kept so that reports and
     * test filters do not change.
     */
    FCT_TEST_BGN(x509_time_expired_6polarssl_fs_io)
    {
        x509_cert crt;

        memset( &crt, 0, sizeof( crt ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_time_expired( &crt.valid_to ) == 0 );

        x509_free( &crt );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1268 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * server1.crt verified against test-ca.crt with crl_expired.pem and
     * no name check (cn == NULL).
     * Expected: verification fails and reports both BADCERT_REVOKED and
     * BADCRL_EXPIRED, i.e. the revocation entry is still reported even
     * though the CRL itself is flagged as expired.
     */
    FCT_TEST_BGN(x509_certificate_verification_1_revoked_cert_expired_crl)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server1.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl_expired.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_REVOKED | BADCRL_EXPIRED ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1300 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * Same fixtures as the cn == NULL variant, but the expected name
     * "PolarSSL Server 1" is passed to x509parse_verify().
     * Expected: BADCERT_REVOKED | BADCRL_EXPIRED and no
     * BADCERT_CN_MISMATCH, so the name is accepted for server1.crt.
     */
    FCT_TEST_BGN(x509_certificate_verification_2_revoked_cert_expired_crl)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server1.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl_expired.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "PolarSSL Server 1", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_REVOKED | BADCRL_EXPIRED ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1332 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * server1.crt, test-ca.crt and crl_expired.pem with the name
     * "PolarSSL Wrong CN".
     * Expected: all three problems are reported together
     * (BADCERT_REVOKED | BADCRL_EXPIRED | BADCERT_CN_MISMATCH); the
     * verifier is expected to accumulate flags, not stop at the first.
     */
    FCT_TEST_BGN(x509_certificate_verification_3_revoked_cert_expired_crl_cn_mismatch)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server1.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl_expired.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "PolarSSL Wrong CN", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_REVOKED | BADCRL_EXPIRED | BADCERT_CN_MISMATCH ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1364 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * server2.crt verified against test-ca.crt with crl_expired.pem and
     * no name check.
     * Expected: verification fails with BADCRL_EXPIRED alone. A stale CRL
     * is therefore enough to reject a certificate that has no other
     * finding against it.
     */
    FCT_TEST_BGN(x509_certificate_verification_4_valid_cert_expired_crl)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server2.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl_expired.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCRL_EXPIRED ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1396 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * server1.crt verified against test-ca.crt with crl.pem and no name
     * check.
     * Expected: verification fails with BADCERT_REVOKED only.
     */
    FCT_TEST_BGN(x509_certificate_verification_5_revoked_cert)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server1.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_REVOKED ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1428 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * server1.crt, test-ca.crt and crl.pem with the name
     * "PolarSSL Server 1".
     * Expected: BADCERT_REVOKED only; a matching name does not mask the
     * revocation and adds no flag of its own.
     */
    FCT_TEST_BGN(x509_certificate_verification_6_revoked_cert)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server1.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "PolarSSL Server 1", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_REVOKED ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1460 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * server1.crt, test-ca.crt and crl.pem with the name
     * "PolarSSL Wrong CN".
     * Expected: BADCERT_REVOKED | BADCERT_CN_MISMATCH, both findings
     * reported in the same flags word.
     */
    FCT_TEST_BGN(x509_certificate_verification_7_revoked_cert_cn_mismatch)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server1.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "PolarSSL Wrong CN", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_REVOKED | BADCERT_CN_MISMATCH ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1492 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * Baseline success case: server2.crt verified against test-ca.crt
     * with crl.pem and no name check.
     * Expected: return value 0 and no flag set.
     */
    FCT_TEST_BGN(x509_certificate_verification_8_valid_cert)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server2.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( 0 ) );
        fct_chk( flags == ( 0 ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1524 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * server2.crt verified with server1.crt supplied as the trusted CA
     * (a certificate that is not its issuer, going by the other tests)
     * and crl.pem.
     * Expected: verification fails with BADCERT_NOT_TRUSTED only.
     */
    FCT_TEST_BGN(x509_certificate_verification_9_not_trusted_cert)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server2.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/server1.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_NOT_TRUSTED ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1556 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * server2.crt verified with server1.crt as the trusted CA and
     * crl_expired.pem.
     * Expected: BADCERT_NOT_TRUSTED only; BADCRL_EXPIRED is not expected.
     * NOTE(review): presumably the CRL is only evaluated once an issuer
     * has been found in the trust list; confirm in x509parse_verify().
     */
    FCT_TEST_BGN(x509_certificate_verification_10_not_trusted_cert_expired_crl)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server2.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/server1.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl_expired.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_NOT_TRUSTED ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1588 
#ifdef POLARSSL_MD4_C
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_md4.crt verified against test-ca.crt with crl.pem and no name
     * check. Expected: return value 0 and no flag set.
     * NOTE(review): going by the fixture and test names, this pins that
     * an MD4-signed certificate verifies without any finding. MD4 is not
     * collision resistant; the test is compiled only when POLARSSL_MD4_C
     * is defined, so builds that leave the module out drop it as well.
     */
    FCT_TEST_BGN(x509_certificate_verification_12_valid_cert_md4_digest)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_md4.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( 0 ) );
        fct_chk( flags == ( 0 ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
#endif /* POLARSSL_MD4_C */
1622 
#ifdef POLARSSL_MD5_C
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_md5.crt verified against test-ca.crt with crl.pem and no name
     * check. Expected: return value 0 and no flag set.
     * NOTE(review): going by the fixture and test names, this pins that
     * an MD5-signed certificate verifies without any finding. MD5 is not
     * collision resistant; the test is compiled only when POLARSSL_MD5_C
     * is defined.
     */
    FCT_TEST_BGN(x509_certificate_verification_13_valid_cert_md5_digest)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_md5.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( 0 ) );
        fct_chk( flags == ( 0 ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
#endif /* POLARSSL_MD5_C */
1656 
#ifdef POLARSSL_SHA1_C
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_sha1.crt verified against test-ca.crt with crl.pem and no name
     * check. Expected: return value 0 and no flag set.
     * Compiled only when POLARSSL_SHA1_C is defined.
     */
    FCT_TEST_BGN(x509_certificate_verification_14_valid_cert_sha1_digest)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_sha1.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( 0 ) );
        fct_chk( flags == ( 0 ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
#endif /* POLARSSL_SHA1_C */
1690 
#ifdef POLARSSL_SHA2_C
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_sha224.crt verified against test-ca.crt with crl.pem and no
     * name check. Expected: return value 0 and no flag set.
     * Compiled only when POLARSSL_SHA2_C is defined.
     */
    FCT_TEST_BGN(x509_certificate_verification_15_valid_cert_sha224_digest)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_sha224.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( 0 ) );
        fct_chk( flags == ( 0 ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
#endif /* POLARSSL_SHA2_C */
1724 
#ifdef POLARSSL_SHA2_C
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_sha256.crt verified against test-ca.crt with crl.pem and no
     * name check. Expected: return value 0 and no flag set.
     * Compiled only when POLARSSL_SHA2_C is defined.
     */
    FCT_TEST_BGN(x509_certificate_verification_16_valid_cert_sha256_digest)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_sha256.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( 0 ) );
        fct_chk( flags == ( 0 ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
#endif /* POLARSSL_SHA2_C */
1758 
#ifdef POLARSSL_SHA4_C
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_sha384.crt verified against test-ca.crt with crl.pem and no
     * name check. Expected: return value 0 and no flag set.
     * Compiled only when POLARSSL_SHA4_C is defined.
     */
    FCT_TEST_BGN(x509_certificate_verification_17_valid_cert_sha384_digest)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_sha384.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( 0 ) );
        fct_chk( flags == ( 0 ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
#endif /* POLARSSL_SHA4_C */
1792 
#ifdef POLARSSL_SHA4_C
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_sha512.crt verified against test-ca.crt with crl.pem and no
     * name check. Expected: return value 0 and no flag set.
     * Compiled only when POLARSSL_SHA4_C is defined.
     */
    FCT_TEST_BGN(x509_certificate_verification_18_valid_cert_sha512_digest)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_sha512.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( 0 ) );
        fct_chk( flags == ( 0 ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
#endif /* POLARSSL_SHA4_C */
1826 
#ifdef POLARSSL_SHA4_C
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_sha512.crt (which verifies cleanly when no callback is given)
     * checked with verify_none as the verification callback.
     * verify_none, defined at the top of this file, ORs BADCERT_OTHER
     * into the flags and returns 0.
     * Expected: verification fails with BADCERT_OTHER only, i.e. a flag
     * raised by the callback is enough to reject the certificate.
     */
    FCT_TEST_BGN(x509_certificate_verification_19_valid_cert_denying_callback)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_sha512.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, verify_none, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_OTHER ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
#endif /* POLARSSL_SHA4_C */
1860 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * server2.crt checked with server1.crt as the trusted CA and
     * crl_expired.pem, with verify_all as the verification callback.
     * verify_all, defined at the top of this file, sets *flags to 0 and
     * returns 0.
     * Expected: return value 0 and no flag set, although the same inputs
     * yield BADCERT_NOT_TRUSTED when no callback is given.
     * NOTE(review): this pins that the callback has the final say over
     * the flags. A callback that clears them unconditionally turns an
     * untrusted chain into a success, so application callbacks should
     * clear only the bits they have checked themselves.
     */
    FCT_TEST_BGN(x509_certificate_verification_20_not_trusted_cert_allowing_callback)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/server2.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/server1.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl_expired.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, NULL, &flags, verify_all, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( 0 ) );
        fct_chk( flags == ( 0 ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1892 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_example_wildcard.crt verified against test-ca.crt with crl.pem
     * for the host name "mail.example.com".
     * Expected: return value 0 and no flag set, i.e. the name is accepted
     * by the wildcard entry in the certificate.
     */
    FCT_TEST_BGN(x509_certificate_verification_21_domain_matching_wildcard_certificate)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_example_wildcard.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "mail.example.com", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( 0 ) );
        fct_chk( flags == ( 0 ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1924 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_example_wildcard.crt verified for "mail.example.net", a host
     * under a different parent domain than the one accepted for this
     * certificate.
     * Expected: verification fails with BADCERT_CN_MISMATCH only.
     */
    FCT_TEST_BGN(x509_certificate_verification_22_domain_not_matching_wildcard_certificate)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_example_wildcard.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "mail.example.net", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_CN_MISMATCH ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1956 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_example_wildcard.crt verified for the bare name "example.com".
     * Expected: verification fails with BADCERT_CN_MISMATCH only, i.e.
     * the wildcard entry must not cover the parent domain itself
     * (presumably the certificate names *.example.com; confirm in the
     * fixture).
     */
    FCT_TEST_BGN(x509_certificate_verification_23_domain_not_matching_wildcard_certificate)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_example_wildcard.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "example.com", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_CN_MISMATCH ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
1988 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_example_multi.crt verified for "www.example.com".
     * Expected: verification fails with BADCERT_CN_MISMATCH only.
     * NOTE(review): the test name says this host matches the subject CN,
     * yet a mismatch is expected. Presumably the certificate carries
     * subjectAltName entries and the CN is then not consulted; confirm
     * against the fixture and x509parse_verify().
     */
    FCT_TEST_BGN(x509_certificate_verification_24_domain_matching_cn_of_multi_certificate)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_example_multi.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "www.example.com", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_CN_MISMATCH ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
2020 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_example_multi.crt verified against test-ca.crt with crl.pem
     * for the host name "example.net".
     * Expected: return value 0 and no flag set, i.e. the name is one of
     * the names accepted for this certificate.
     */
    FCT_TEST_BGN(x509_certificate_verification_25_domain_matching_multi_certificate)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_example_multi.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "example.net", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( 0 ) );
        fct_chk( flags == ( 0 ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
2052 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_example_multi.crt verified for "www.example.net".
     * Expected: verification fails with BADCERT_CN_MISMATCH only; a
     * sub-domain of an accepted exact name must not be accepted.
     */
    FCT_TEST_BGN(x509_certificate_verification_26_domain_not_matching_multi_certificate)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_example_multi.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "www.example.net", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_CN_MISMATCH ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
2084 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_example_multi.crt verified for "xample.net", i.e. the accepted
     * name "example.net" with its first character removed.
     * Expected: verification fails with BADCERT_CN_MISMATCH only; a name
     * comparison that tolerates a shorter input would be caught here.
     */
    FCT_TEST_BGN(x509_certificate_verification_27_domain_not_matching_multi_certificate)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_example_multi.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "xample.net", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_CN_MISMATCH ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
2116 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_example_multi.crt verified for "bexample.net", i.e. the
     * accepted name "example.net" with one extra leading character.
     * Expected: verification fails with BADCERT_CN_MISMATCH only; a
     * comparison that only checks the tail of the host name would be
     * caught here.
     * NOTE(review): this test carries the same name as the "xample.net"
     * test directly before it, so a report or name filter cannot tell
     * the two apart. The name is kept as-is here.
     */
    FCT_TEST_BGN(x509_certificate_verification_27_domain_not_matching_multi_certificate)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_example_multi.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "bexample.net", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_CN_MISMATCH ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
2148 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_example_multi.crt verified for the bare name "example.org".
     * Expected: verification fails with BADCERT_CN_MISMATCH only, while
     * "mail.example.org" is accepted for the same certificate; the
     * wildcard entry must not cover its own parent domain.
     */
    FCT_TEST_BGN(x509_certificate_verification_28_domain_not_matching_wildcard_in_multi_certificate)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_example_multi.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "example.org", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_CN_MISMATCH ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
2180 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_example_multi.crt verified against test-ca.crt with crl.pem
     * for the host name "mail.example.org".
     * Expected: return value 0 and no flag set, i.e. the name is accepted
     * through a wildcard entry among the certificate's names.
     */
    FCT_TEST_BGN(x509_certificate_verification_29_domain_matching_wildcard_in_multi_certificate)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_example_multi.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "mail.example.org", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( 0 ) );
        fct_chk( flags == ( 0 ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
2212 
#ifdef POLARSSL_PEM_C
#ifdef POLARSSL_FS_IO

    /*
     * cert_example_multi_nocn.crt verified against test-ca.crt with
     * crl.pem for the host name "www.shotokan-braunschweig.de".
     * Expected: verification fails with BADCERT_NOT_TRUSTED only. No
     * BADCERT_CN_MISMATCH is expected, so the name itself is accepted;
     * the failure comes from the chain not being trusted via
     * test-ca.crt.
     */
    FCT_TEST_BGN(x509_certificate_verification_30_domain_matching_multi_certificate_without_cn)
    {
        x509_cert crt, ca;
        x509_crl crl;
        int res;
        int flags = 0;

        memset( &crt, 0, sizeof( crt ) );
        memset( &ca, 0, sizeof( ca ) );
        memset( &crl, 0, sizeof( crl ) );

        fct_chk( x509parse_crtfile( &crt, "data_files/cert_example_multi_nocn.crt" ) == 0 );
        fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
        fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );

        res = x509parse_verify( &crt, &ca, &crl, "www.shotokan-braunschweig.de", &flags, NULL, NULL );

        /* Fixtures are released before the result is asserted. */
        x509_free( &crt );
        x509_free( &ca );
        x509_crl_free( &crl );

        fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
        fct_chk( flags == ( BADCERT_NOT_TRUSTED ) );
    }
    FCT_TEST_END();
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_PEM_C */
2244 
2245 #ifdef POLARSSL_PEM_C
2246 #ifdef POLARSSL_FS_IO
2247 
/*
 * Verification case 31: checks cert_example_multi_nocn.crt against the
 * hostname "www.example.net", with test-ca.crt as the CA.
 * Expects POLARSSL_ERR_X509_CERT_VERIFY_FAILED with both the name-mismatch
 * and the not-trusted flags reported together.
 */
2248  FCT_TEST_BGN(x509_certificate_verification_31_domain_not_matching_multi_certificate_without_cn)
2249  {
2250  x509_cert crt;
2251  x509_cert ca;
2252  x509_crl crl;
2253  int flags = 0;
2254  int res;
2255 
2256  memset( &crt, 0, sizeof( x509_cert ) );
2257  memset( &ca, 0, sizeof( x509_cert ) );
2258  memset( &crl, 0, sizeof( x509_crl ) );
2259 
2260  fct_chk( x509parse_crtfile( &crt, "data_files/cert_example_multi_nocn.crt" ) == 0 );
2261  fct_chk( x509parse_crtfile( &ca, "data_files/test-ca.crt" ) == 0 );
2262  fct_chk( x509parse_crlfile( &crl, "data_files/crl.pem" ) == 0 );
2263 
/* The last two arguments are NULL, so no verify callback is supplied. */
2264  res = x509parse_verify( &crt, &ca, &crl, "www.example.net", &flags, NULL, NULL );
2265 
2266  x509_free( &crt );
2267  x509_free( &ca );
2268  x509_crl_free( &crl );
2269 
/*
 * The expected flags are summed with '+'; that equals a bitwise OR only if
 * the two constants are distinct bits - presumably so, verify in x509.h.
 */
2270  fct_chk( res == ( POLARSSL_ERR_X509_CERT_VERIFY_FAILED ) );
2271  fct_chk( flags == ( BADCERT_CN_MISMATCH + BADCERT_NOT_TRUSTED ) );
2272  }
2273  FCT_TEST_END();
2274 #endif /* POLARSSL_FS_IO */
2275 #endif /* POLARSSL_PEM_C */
2276 
2277 #ifdef POLARSSL_MD5_C
2278 #ifdef POLARSSL_PEM_C
2279 #ifdef POLARSSL_SELF_TEST
2280 
/*
 * Runs the library's X.509 self test with argument 0 (presumably the
 * verbose flag - confirm in x509.h) and expects a zero return value.
 * Only built when MD5, PEM and the self-test option are all enabled.
 */
2281  FCT_TEST_BGN(x509_parse_selftest)
2282  {
2283  fct_chk( x509_self_test( 0 ) == 0 );
2284  }
2285  FCT_TEST_END();
2286 #endif /* POLARSSL_SELF_TEST */
2287 #endif /* POLARSSL_PEM_C */
2288 #endif /* POLARSSL_MD5_C */
2289 
2290 
/*
 * Malformed-input case: the hex string is empty, so x509parse_crt() is
 * called with data_len 0. Expects POLARSSL_ERR_X509_CERT_INVALID_FORMAT.
 */
2291  FCT_TEST_BGN(x509_certificate_asn1_incorrect_first_tag)
2292  {
2293  x509_cert crt;
2294  unsigned char buf[2000];
2295  unsigned char output[2000];
2296  int data_len, res;
2297 
2298  memset( &crt, 0, sizeof( x509_cert ) );
2299  memset( buf, 0, 2000 );
2300  memset( output, 0, 2000 );
2301 
2302  data_len = unhexify( buf, "" );
2303 
2304  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT ) );
/*
 * NOTE(review): the listing jumps from line 2304 to 2306; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2306  {
2307  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2308 
2309  fct_chk( res != -1 );
2310  fct_chk( res != -2 );
2311 
2312  fct_chk( strcmp( (char *) output, "" ) == 0 );
2313  }
2314 
2315  x509_free( &crt );
2316  }
2317  FCT_TEST_END();
2318 
2319 
/*
 * Malformed-input case, vector 30 00 00: a SEQUENCE tag with length 0
 * followed by one extra byte, so the declared outer length is shorter than
 * the supplied buffer.
 */
2320  FCT_TEST_BGN(x509_certificate_asn1_correct_first_tag_data_length_does_not_match)
2321  {
2322  x509_cert crt;
2323  unsigned char buf[2000];
2324  unsigned char output[2000];
2325  int data_len, res;
2326 
2327  memset( &crt, 0, sizeof( x509_cert ) );
2328  memset( buf, 0, 2000 );
2329  memset( output, 0, 2000 );
2330 
2331  data_len = unhexify( buf, "300000" );
2332 
/*
 * NOTE(review): the listing jumps from line 2332 to 2335; the
 * x509parse_crt() call and its expected error code are not visible for this
 * vector, and a guard on the block below may be missing too - confirm
 * against the original file.
 */
2335  {
2336  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2337 
2338  fct_chk( res != -1 );
2339  fct_chk( res != -2 );
2340 
2341  fct_chk( strcmp( (char *) output, "" ) == 0 );
2342  }
2343 
2344  x509_free( &crt );
2345  }
2346  FCT_TEST_END();
2347 
2348 
/*
 * Malformed-input case, vector 30 00: an empty outer SEQUENCE with nothing
 * inside. Expects INVALID_FORMAT combined with ASN1_OUT_OF_DATA.
 */
2349  FCT_TEST_BGN(x509_certificate_asn1_correct_first_tag_no_more_data)
2350  {
2351  x509_cert crt;
2352  unsigned char buf[2000];
2353  unsigned char output[2000];
2354  int data_len, res;
2355 
2356  memset( &crt, 0, sizeof( x509_cert ) );
2357  memset( buf, 0, 2000 );
2358  memset( output, 0, 2000 );
2359 
2360  data_len = unhexify( buf, "3000" );
2361 
2362  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 2362 to 2364; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2364  {
2365  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2366 
2367  fct_chk( res != -1 );
2368  fct_chk( res != -2 );
2369 
2370  fct_chk( strcmp( (char *) output, "" ) == 0 );
2371  }
2372 
2373  x509_free( &crt );
2374  }
2375  FCT_TEST_END();
2376 
2377 
/*
 * Malformed-input case, vector 30 02 30 85: the inner SEQUENCE's length
 * byte 0x85 is a long-form marker announcing five length octets, none of
 * which are present.
 */
2378  FCT_TEST_BGN(x509_certificate_asn1_correct_first_tag_length_data_incorrect)
2379  {
2380  x509_cert crt;
2381  unsigned char buf[2000];
2382  unsigned char output[2000];
2383  int data_len, res;
2384 
2385  memset( &crt, 0, sizeof( x509_cert ) );
2386  memset( buf, 0, 2000 );
2387  memset( output, 0, 2000 );
2388 
2389  data_len = unhexify( buf, "30023085" );
2390 
/*
 * NOTE(review): the listing jumps from line 2390 to 2393; the
 * x509parse_crt() call and its expected error code are not visible for this
 * vector, and a guard on the block below may be missing too - confirm
 * against the original file.
 */
2393  {
2394  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2395 
2396  fct_chk( res != -1 );
2397  fct_chk( res != -2 );
2398 
2399  fct_chk( strcmp( (char *) output, "" ) == 0 );
2400  }
2401 
2402  x509_free( &crt );
2403  }
2404  FCT_TEST_END();
2405 
2406 
/*
 * Malformed-input case, vector 30 02 30 83: the inner length byte 0x83
 * announces three length octets and the data ends before any of them.
 * Expects INVALID_FORMAT combined with ASN1_OUT_OF_DATA.
 * NOTE(review): two later cases in this file reuse this test name with
 * other length bytes; distinct names would make failures easier to trace.
 */
2407  FCT_TEST_BGN(x509_certificate_asn1_correct_first_tag_length_data_incomplete)
2408  {
2409  x509_cert crt;
2410  unsigned char buf[2000];
2411  unsigned char output[2000];
2412  int data_len, res;
2413 
2414  memset( &crt, 0, sizeof( x509_cert ) );
2415  memset( buf, 0, 2000 );
2416  memset( output, 0, 2000 );
2417 
2418  data_len = unhexify( buf, "30023083" );
2419 
2420  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 2420 to 2422; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2422  {
2423  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2424 
2425  fct_chk( res != -1 );
2426  fct_chk( res != -2 );
2427 
2428  fct_chk( strcmp( (char *) output, "" ) == 0 );
2429  }
2430 
2431  x509_free( &crt );
2432  }
2433  FCT_TEST_END();
2434 
2435 
/*
 * Malformed-input case, vector 30 02 30 81: the inner length byte 0x81
 * announces one length octet and the data ends before it.
 * Expects INVALID_FORMAT combined with ASN1_OUT_OF_DATA.
 * NOTE(review): this test name is shared with neighbouring cases that use
 * other length bytes; distinct names would make failures easier to trace.
 */
2436  FCT_TEST_BGN(x509_certificate_asn1_correct_first_tag_length_data_incomplete)
2437  {
2438  x509_cert crt;
2439  unsigned char buf[2000];
2440  unsigned char output[2000];
2441  int data_len, res;
2442 
2443  memset( &crt, 0, sizeof( x509_cert ) );
2444  memset( buf, 0, 2000 );
2445  memset( output, 0, 2000 );
2446 
2447  data_len = unhexify( buf, "30023081" );
2448 
2449  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 2449 to 2451; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2451  {
2452  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2453 
2454  fct_chk( res != -1 );
2455  fct_chk( res != -2 );
2456 
2457  fct_chk( strcmp( (char *) output, "" ) == 0 );
2458  }
2459 
2460  x509_free( &crt );
2461  }
2462  FCT_TEST_END();
2463 
2464 
/*
 * Malformed-input case, vector 30 03 30 82 00: the inner length byte 0x82
 * announces two length octets but only one (0x00) is present.
 * Expects INVALID_FORMAT combined with ASN1_OUT_OF_DATA.
 * NOTE(review): this test name is shared with earlier cases that use other
 * length bytes; distinct names would make failures easier to trace.
 */
2465  FCT_TEST_BGN(x509_certificate_asn1_correct_first_tag_length_data_incomplete)
2466  {
2467  x509_cert crt;
2468  unsigned char buf[2000];
2469  unsigned char output[2000];
2470  int data_len, res;
2471 
2472  memset( &crt, 0, sizeof( x509_cert ) );
2473  memset( buf, 0, 2000 );
2474  memset( output, 0, 2000 );
2475 
2476  data_len = unhexify( buf, "3003308200" );
2477 
2478  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 2478 to 2480; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2480  {
2481  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2482 
2483  fct_chk( res != -1 );
2484  fct_chk( res != -2 );
2485 
2486  fct_chk( strcmp( (char *) output, "" ) == 0 );
2487  }
2488 
2489  x509_free( &crt );
2490  }
2491  FCT_TEST_END();
2492 
2493 
/*
 * Malformed-input case, vector 30 01 00: an outer SEQUENCE of length 1
 * whose only content byte is 0x00 instead of a nested SEQUENCE tag.
 */
2494  FCT_TEST_BGN(x509_certificate_asn1_correct_first_tag_second_tag_no_tbscertificate)
2495  {
2496  x509_cert crt;
2497  unsigned char buf[2000];
2498  unsigned char output[2000];
2499  int data_len, res;
2500 
2501  memset( &crt, 0, sizeof( x509_cert ) );
2502  memset( buf, 0, 2000 );
2503  memset( output, 0, 2000 );
2504 
2505  data_len = unhexify( buf, "300100" );
2506 
/*
 * NOTE(review): the listing jumps from line 2506 to 2509; the
 * x509parse_crt() call and its expected error code are not visible for this
 * vector, and a guard on the block below may be missing too - confirm
 * against the original file.
 */
2509  {
2510  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2511 
2512  fct_chk( res != -1 );
2513  fct_chk( res != -2 );
2514 
2515  fct_chk( strcmp( (char *) output, "" ) == 0 );
2516  }
2517 
2518  x509_free( &crt );
2519  }
2520  FCT_TEST_END();
2521 
2522 
/*
 * Malformed-input case, vector 30 03 30 01 00: the inner SEQUENCE has
 * length 1 and holds the single byte 0x00, so there is neither a version
 * element nor a complete serial element.
 */
2523  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_no_version_tag_serial_missing)
2524  {
2525  x509_cert crt;
2526  unsigned char buf[2000];
2527  unsigned char output[2000];
2528  int data_len, res;
2529 
2530  memset( &crt, 0, sizeof( x509_cert ) );
2531  memset( buf, 0, 2000 );
2532  memset( output, 0, 2000 );
2533 
2534  data_len = unhexify( buf, "3003300100" );
2535 
/*
 * NOTE(review): the listing jumps from line 2535 to 2538; the
 * x509parse_crt() call and its expected error code are not visible for this
 * vector, and a guard on the block below may be missing too - confirm
 * against the original file.
 */
2538  {
2539  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2540 
2541  fct_chk( res != -1 );
2542  fct_chk( res != -2 );
2543 
2544  fct_chk( strcmp( (char *) output, "" ) == 0 );
2545  }
2546 
2547  x509_free( &crt );
2548  }
2549  FCT_TEST_END();
2550 
2551 
/*
 * Malformed-input case, vector 30 05 30 03 a0 01 01: the [0] wrapper (0xA0)
 * has length 1 and holds the single byte 0x01 rather than an INTEGER
 * element.
 */
2552  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_invalid_version_tag)
2553  {
2554  x509_cert crt;
2555  unsigned char buf[2000];
2556  unsigned char output[2000];
2557  int data_len, res;
2558 
2559  memset( &crt, 0, sizeof( x509_cert ) );
2560  memset( buf, 0, 2000 );
2561  memset( output, 0, 2000 );
2562 
2563  data_len = unhexify( buf, "30053003a00101" );
2564 
/*
 * NOTE(review): the listing jumps from line 2564 to 2567; the
 * x509parse_crt() call and its expected error code are not visible for this
 * vector, and a guard on the block below may be missing too - confirm
 * against the original file.
 */
2567  {
2568  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2569 
2570  fct_chk( res != -1 );
2571  fct_chk( res != -2 );
2572 
2573  fct_chk( strcmp( (char *) output, "" ) == 0 );
2574  }
2575 
2576  x509_free( &crt );
2577  }
2578  FCT_TEST_END();
2579 
2580 
/*
 * Malformed-input case, vector 30 05 30 03 a0 01 02: the [0] wrapper holds
 * only an INTEGER tag (0x02) with no length byte after it.
 * Expects INVALID_VERSION combined with ASN1_OUT_OF_DATA.
 */
2581  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_valid_version_tag_no_length)
2582  {
2583  x509_cert crt;
2584  unsigned char buf[2000];
2585  unsigned char output[2000];
2586  int data_len, res;
2587 
2588  memset( &crt, 0, sizeof( x509_cert ) );
2589  memset( buf, 0, 2000 );
2590  memset( output, 0, 2000 );
2591 
2592  data_len = unhexify( buf, "30053003a00102" );
2593 
2594  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_VERSION + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 2594 to 2596; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2596  {
2597  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2598 
2599  fct_chk( res != -1 );
2600  fct_chk( res != -2 );
2601 
2602  fct_chk( strcmp( (char *) output, "" ) == 0 );
2603  }
2604 
2605  x509_free( &crt );
2606  }
2607  FCT_TEST_END();
2608 
2609 
/*
 * Malformed-input case: the [0] wrapper declares length 0x12 and holds an
 * INTEGER with declared length 0x10 whose content bytes are all zero, i.e.
 * an oversized element in the version position.
 */
2610  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_valid_version_tag_invalid_length)
2611  {
2612  x509_cert crt;
2613  unsigned char buf[2000];
2614  unsigned char output[2000];
2615  int data_len, res;
2616 
2617  memset( &crt, 0, sizeof( x509_cert ) );
2618  memset( buf, 0, 2000 );
2619  memset( output, 0, 2000 );
2620 
2621  data_len = unhexify( buf, "30163014a012021000000000000000000000000000000000" );
2622 
/*
 * NOTE(review): the listing jumps from line 2622 to 2625; the
 * x509parse_crt() call and its expected error code are not visible for this
 * vector, and a guard on the block below may be missing too - confirm
 * against the original file.
 */
2625  {
2626  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2627 
2628  fct_chk( res != -1 );
2629  fct_chk( res != -2 );
2630 
2631  fct_chk( strcmp( (char *) output, "" ) == 0 );
2632  }
2633 
2634  x509_free( &crt );
2635  }
2636  FCT_TEST_END();
2637 
2638 
/*
 * Malformed-input case, vector 30 07 30 05 a0 03 02 01 04: a well-formed
 * version element (INTEGER 4 inside [0]) with nothing after it.
 * Expects INVALID_SERIAL combined with ASN1_OUT_OF_DATA.
 */
2639  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_valid_version_tag_no_serial)
2640  {
2641  x509_cert crt;
2642  unsigned char buf[2000];
2643  unsigned char output[2000];
2644  int data_len, res;
2645 
2646  memset( &crt, 0, sizeof( x509_cert ) );
2647  memset( buf, 0, 2000 );
2648  memset( output, 0, 2000 );
2649 
2650  data_len = unhexify( buf, "30073005a003020104" );
2651 
2652  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_SERIAL + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 2652 to 2654; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2654  {
2655  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2656 
2657  fct_chk( res != -1 );
2658  fct_chk( res != -2 );
2659 
2660  fct_chk( strcmp( (char *) output, "" ) == 0 );
2661  }
2662 
2663  x509_free( &crt );
2664  }
2665  FCT_TEST_END();
2666 
2667 
/*
 * Malformed-input case, vector 30 08 30 06 a0 04 02 01 04 00: the [0]
 * wrapper declares length 4 but holds the three-byte INTEGER 02 01 04 plus
 * a stray 0x00, so the wrapper length and its content disagree.
 */
2668  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_invalid_length_version_tag)
2669  {
2670  x509_cert crt;
2671  unsigned char buf[2000];
2672  unsigned char output[2000];
2673  int data_len, res;
2674 
2675  memset( &crt, 0, sizeof( x509_cert ) );
2676  memset( buf, 0, 2000 );
2677  memset( output, 0, 2000 );
2678 
2679  data_len = unhexify( buf, "30083006a00402010400" );
2680 
/*
 * NOTE(review): the listing jumps from line 2680 to 2683; the
 * x509parse_crt() call and its expected error code are not visible for this
 * vector, and a guard on the block below may be missing too - confirm
 * against the original file.
 */
2683  {
2684  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2685 
2686  fct_chk( res != -1 );
2687  fct_chk( res != -2 );
2688 
2689  fct_chk( strcmp( (char *) output, "" ) == 0 );
2690  }
2691 
2692  x509_free( &crt );
2693  }
2694  FCT_TEST_END();
2695 
2696 
/*
 * Malformed-input case, vector 30 08 30 06 a0 03 02 01 04 00: a well-formed
 * version element followed by the byte 0x00 where the serial number element
 * should start.
 */
2697  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_incorrect_serial_tag)
2698  {
2699  x509_cert crt;
2700  unsigned char buf[2000];
2701  unsigned char output[2000];
2702  int data_len, res;
2703 
2704  memset( &crt, 0, sizeof( x509_cert ) );
2705  memset( buf, 0, 2000 );
2706  memset( output, 0, 2000 );
2707 
2708  data_len = unhexify( buf, "30083006a00302010400" );
2709 
/*
 * NOTE(review): the listing jumps from line 2709 to 2712; the
 * x509parse_crt() call and its expected error code are not visible for this
 * vector, and a guard on the block below may be missing too - confirm
 * against the original file.
 */
2712  {
2713  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2714 
2715  fct_chk( res != -1 );
2716  fct_chk( res != -2 );
2717 
2718  fct_chk( strcmp( (char *) output, "" ) == 0 );
2719  }
2720 
2721  x509_free( &crt );
2722  }
2723  FCT_TEST_END();
2724 
2725 
/*
 * Malformed-input case, vector 30 08 30 06 a0 03 02 01 04 82: a well-formed
 * version element followed by the lone byte 0x82 in the serial position,
 * with no length octet after it.
 * Expects INVALID_SERIAL combined with ASN1_OUT_OF_DATA.
 */
2726  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_incorrect_serial_length)
2727  {
2728  x509_cert crt;
2729  unsigned char buf[2000];
2730  unsigned char output[2000];
2731  int data_len, res;
2732 
2733  memset( &crt, 0, sizeof( x509_cert ) );
2734  memset( buf, 0, 2000 );
2735  memset( output, 0, 2000 );
2736 
2737  data_len = unhexify( buf, "30083006a00302010482" );
2738 
2739  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_SERIAL + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 2739 to 2741; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2741  {
2742  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2743 
2744  fct_chk( res != -1 );
2745  fct_chk( res != -2 );
2746 
2747  fct_chk( strcmp( (char *) output, "" ) == 0 );
2748  }
2749 
2750  x509_free( &crt );
2751  }
2752  FCT_TEST_END();
2753 
2754 
/*
 * Malformed-input case: version element and serial element
 * (82 04 de ad be ef) are present, then the data ends where the signature
 * algorithm element should start.
 * Expects INVALID_ALG combined with ASN1_OUT_OF_DATA.
 */
2755  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_correct_serial_no_alg)
2756  {
2757  x509_cert crt;
2758  unsigned char buf[2000];
2759  unsigned char output[2000];
2760  int data_len, res;
2761 
2762  memset( &crt, 0, sizeof( x509_cert ) );
2763  memset( buf, 0, 2000 );
2764  memset( output, 0, 2000 );
2765 
2766  data_len = unhexify( buf, "300d300ba0030201048204deadbeef" );
2767 
2768  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 2768 to 2770; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2770  {
2771  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2772 
2773  fct_chk( res != -1 );
2774  fct_chk( res != -2 );
2775 
2776  fct_chk( strcmp( (char *) output, "" ) == 0 );
2777  }
2778 
2779  x509_free( &crt );
2780  }
2781  FCT_TEST_END();
2782 
2783 
/*
 * Malformed-input case: the serial element is followed by the byte 0x00
 * where the signature algorithm SEQUENCE should start.
 * Expects INVALID_ALG combined with ASN1_UNEXPECTED_TAG.
 */
2784  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_correct_serial_no_alg_oid)
2785  {
2786  x509_cert crt;
2787  unsigned char buf[2000];
2788  unsigned char output[2000];
2789  int data_len, res;
2790 
2791  memset( &crt, 0, sizeof( x509_cert ) );
2792  memset( buf, 0, 2000 );
2793  memset( output, 0, 2000 );
2794 
2795  data_len = unhexify( buf, "300e300ca0030201048204deadbeef00" );
2796 
2797  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) );
/*
 * NOTE(review): the listing jumps from line 2797 to 2799; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2799  {
2800  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2801 
2802  fct_chk( res != -1 );
2803  fct_chk( res != -2 );
2804 
2805  fct_chk( strcmp( (char *) output, "" ) == 0 );
2806  }
2807 
2808  x509_free( &crt );
2809  }
2810  FCT_TEST_END();
2811 
2812 
/*
 * Malformed-input case: the signature algorithm SEQUENCE is present but
 * empty (30 00), so it carries no OID.
 * Expects INVALID_ALG combined with ASN1_OUT_OF_DATA.
 */
2813  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_alg_oid_no_data_in_sequence)
2814  {
2815  x509_cert crt;
2816  unsigned char buf[2000];
2817  unsigned char output[2000];
2818  int data_len, res;
2819 
2820  memset( &crt, 0, sizeof( x509_cert ) );
2821  memset( buf, 0, 2000 );
2822  memset( output, 0, 2000 );
2823 
2824  data_len = unhexify( buf, "300f300da0030201048204deadbeef3000" );
2825 
2826  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 2826 to 2828; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2828  {
2829  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2830 
2831  fct_chk( res != -1 );
2832  fct_chk( res != -2 );
2833 
2834  fct_chk( strcmp( (char *) output, "" ) == 0 );
2835  }
2836 
2837  x509_free( &crt );
2838  }
2839  FCT_TEST_END();
2840 
2841 
/*
 * Malformed-input case: the signature algorithm SEQUENCE (length 7) holds
 * the OID 06 04 ca fe d0 0d followed by the single byte 0x01 in the
 * parameters position.
 * Expects INVALID_ALG combined with ASN1_UNEXPECTED_TAG.
 */
2842  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_alg_with_params)
2843  {
2844  x509_cert crt;
2845  unsigned char buf[2000];
2846  unsigned char output[2000];
2847  int data_len, res;
2848 
2849  memset( &crt, 0, sizeof( x509_cert ) );
2850  memset( buf, 0, 2000 );
2851  memset( output, 0, 2000 );
2852 
2853  data_len = unhexify( buf, "30163014a0030201048204deadbeef30070604cafed00d01" );
2854 
2855  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) );
/*
 * NOTE(review): the listing jumps from line 2855 to 2857; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2857  {
2858  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2859 
2860  fct_chk( res != -1 );
2861  fct_chk( res != -2 );
2862 
2863  fct_chk( strcmp( (char *) output, "" ) == 0 );
2864  }
2865 
2866  x509_free( &crt );
2867  }
2868  FCT_TEST_END();
2869 
2870 
/*
 * Malformed-input case: version INTEGER is 4 and the signature algorithm
 * SEQUENCE holds only the OID 06 04 ca fe d0 0d, with no parameters.
 * Expects POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION.
 */
2871  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_correct_alg_data_no_params_unknown_version)
2872  {
2873  x509_cert crt;
2874  unsigned char buf[2000];
2875  unsigned char output[2000];
2876  int data_len, res;
2877 
2878  memset( &crt, 0, sizeof( x509_cert ) );
2879  memset( buf, 0, 2000 );
2880  memset( output, 0, 2000 );
2881 
2882  data_len = unhexify( buf, "30153013a0030201048204deadbeef30060604cafed00d" );
2883 
2884  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION ) );
/*
 * NOTE(review): the listing jumps from line 2884 to 2886; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2886  {
2887  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2888 
2889  fct_chk( res != -1 );
2890  fct_chk( res != -2 );
2891 
2892  fct_chk( strcmp( (char *) output, "" ) == 0 );
2893  }
2894 
2895  x509_free( &crt );
2896  }
2897  FCT_TEST_END();
2898 
2899 
/*
 * Malformed-input case: version INTEGER is 4 and the signature algorithm
 * SEQUENCE holds the OID 06 04 ca fe d0 0d plus NULL parameters (05 00).
 * Expects POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION.
 */
2900  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_correct_alg_data_unknown_version)
2901  {
2902  x509_cert crt;
2903  unsigned char buf[2000];
2904  unsigned char output[2000];
2905  int data_len, res;
2906 
2907  memset( &crt, 0, sizeof( x509_cert ) );
2908  memset( buf, 0, 2000 );
2909  memset( output, 0, 2000 );
2910 
2911  data_len = unhexify( buf, "30173015a0030201048204deadbeef30080604cafed00d0500" );
2912 
2913  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION ) );
/*
 * NOTE(review): the listing jumps from line 2913 to 2915; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2915  {
2916  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2917 
2918  fct_chk( res != -1 );
2919  fct_chk( res != -2 );
2920 
2921  fct_chk( strcmp( (char *) output, "" ) == 0 );
2922  }
2923 
2924  x509_free( &crt );
2925  }
2926  FCT_TEST_END();
2927 
2928 
/*
 * Malformed-input case: the signature algorithm SEQUENCE declares length 9
 * and carries an extra 0x00 after the OID and NULL parameters.
 * Expects INVALID_ALG combined with ASN1_LENGTH_MISMATCH.
 */
2929  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_correct_alg_data_length_mismatch)
2930  {
2931  x509_cert crt;
2932  unsigned char buf[2000];
2933  unsigned char output[2000];
2934  int data_len, res;
2935 
2936  memset( &crt, 0, sizeof( x509_cert ) );
2937  memset( buf, 0, 2000 );
2938  memset( output, 0, 2000 );
2939 
2940  data_len = unhexify( buf, "30183016a0030201048204deadbeef30090604cafed00d050000" );
2941 
2942  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ) );
/*
 * NOTE(review): the listing jumps from line 2942 to 2944; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2944  {
2945  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2946 
2947  fct_chk( res != -1 );
2948  fct_chk( res != -2 );
2949 
2950  fct_chk( strcmp( (char *) output, "" ) == 0 );
2951  }
2952 
2953  x509_free( &crt );
2954  }
2955  FCT_TEST_END();
2956 
2957 
/*
 * Malformed-input case: version INTEGER is 2 and the signature algorithm
 * OID is the placeholder bytes ca fe d0 0d with NULL parameters.
 * Expects POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG.
 */
2958  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_correct_alg_unknown_alg_id)
2959  {
2960  x509_cert crt;
2961  unsigned char buf[2000];
2962  unsigned char output[2000];
2963  int data_len, res;
2964 
2965  memset( &crt, 0, sizeof( x509_cert ) );
2966  memset( buf, 0, 2000 );
2967  memset( output, 0, 2000 );
2968 
2969  data_len = unhexify( buf, "30173015a0030201028204deadbeef30080604cafed00d0500" );
2970 
2971  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG ) );
/*
 * NOTE(review): the listing jumps from line 2971 to 2973; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
2973  {
2974  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
2975 
2976  fct_chk( res != -1 );
2977  fct_chk( res != -2 );
2978 
2979  fct_chk( strcmp( (char *) output, "" ) == 0 );
2980  }
2981 
2982  x509_free( &crt );
2983  }
2984  FCT_TEST_END();
2985 
2986 
/*
 * Malformed-input case: the signature algorithm OID is
 * 2a 86 48 86 f7 0d 01 01 02 (1.2.840.113549.1.1.2, md2WithRSAEncryption)
 * with NULL parameters, and the data ends right after it.
 * Expects INVALID_FORMAT combined with ASN1_OUT_OF_DATA.
 */
2987  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_correct_alg_specific_alg_id)
2988  {
2989  x509_cert crt;
2990  unsigned char buf[2000];
2991  unsigned char output[2000];
2992  int data_len, res;
2993 
2994  memset( &crt, 0, sizeof( x509_cert ) );
2995  memset( buf, 0, 2000 );
2996  memset( output, 0, 2000 );
2997 
2998  data_len = unhexify( buf, "301c301aa0030201028204deadbeef300d06092a864886f70d0101020500" );
2999 
3000  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 3000 to 3002; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
3002  {
3003  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
3004 
3005  fct_chk( res != -1 );
3006  fct_chk( res != -2 );
3007 
3008  fct_chk( strcmp( (char *) output, "" ) == 0 );
3009  }
3010 
3011  x509_free( &crt );
3012  }
3013  FCT_TEST_END();
3014 
3015 
/*
 * Malformed-input case: the signature algorithm OID is
 * 2a 86 48 86 f7 0d 01 01 01 (1.2.840.113549.1.1.1, rsaEncryption), which
 * names a key algorithm rather than a signature algorithm.
 * Expects POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG.
 */
3016  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_correct_alg_unknown_specific_alg_id)
3017  {
3018  x509_cert crt;
3019  unsigned char buf[2000];
3020  unsigned char output[2000];
3021  int data_len, res;
3022 
3023  memset( &crt, 0, sizeof( x509_cert ) );
3024  memset( buf, 0, 2000 );
3025  memset( output, 0, 2000 );
3026 
3027  data_len = unhexify( buf, "301c301aa0030201028204deadbeef300d06092a864886f70d0101010500" );
3028 
3029  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG ) );
/*
 * NOTE(review): the listing jumps from line 3029 to 3031; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
3031  {
3032  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
3033 
3034  fct_chk( res != -1 );
3035  fct_chk( res != -2 );
3036 
3037  fct_chk( strcmp( (char *) output, "" ) == 0 );
3038  }
3039 
3040  x509_free( &crt );
3041  }
3042  FCT_TEST_END();
3043 
3044 
/*
 * Malformed-input case: the issuer name is an empty SEQUENCE (30 00) with
 * no SET inside it.
 * Expects INVALID_NAME combined with ASN1_OUT_OF_DATA.
 */
3045  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_issuer_no_set_data)
3046  {
3047  x509_cert crt;
3048  unsigned char buf[2000];
3049  unsigned char output[2000];
3050  int data_len, res;
3051 
3052  memset( &crt, 0, sizeof( x509_cert ) );
3053  memset( buf, 0, 2000 );
3054  memset( output, 0, 2000 );
3055 
3056  data_len = unhexify( buf, "301e301ca0030201028204deadbeef300d06092a864886f70d01010205003000" );
3057 
3058  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 3058 to 3060; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
3060  {
3061  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
3062 
3063  fct_chk( res != -1 );
3064  fct_chk( res != -2 );
3065 
3066  fct_chk( strcmp( (char *) output, "" ) == 0 );
3067  }
3068 
3069  x509_free( &crt );
3070  }
3071  FCT_TEST_END();
3072 
3073 
/*
 * Malformed-input case: the issuer SEQUENCE holds an empty SET (31 00), so
 * the attribute SEQUENCE inside the SET is missing.
 * Expects INVALID_NAME combined with ASN1_OUT_OF_DATA.
 */
3074  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_issuer_no_inner_seq_data)
3075  {
3076  x509_cert crt;
3077  unsigned char buf[2000];
3078  unsigned char output[2000];
3079  int data_len, res;
3080 
3081  memset( &crt, 0, sizeof( x509_cert ) );
3082  memset( buf, 0, 2000 );
3083  memset( output, 0, 2000 );
3084 
3085  data_len = unhexify( buf, "3020301ea0030201028204deadbeef300d06092a864886f70d010102050030023100" );
3086 
3087  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 3087 to 3089; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
3089  {
3090  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
3091 
3092  fct_chk( res != -1 );
3093  fct_chk( res != -2 );
3094 
3095  fct_chk( strcmp( (char *) output, "" ) == 0 );
3096  }
3097 
3098  x509_free( &crt );
3099  }
3100  FCT_TEST_END();
3101 
3102 
/*
 * Malformed-input case: the issuer's SET holds an empty attribute SEQUENCE
 * (31 02 30 00), so the attribute has neither an OID nor a value.
 * Expects INVALID_NAME combined with ASN1_OUT_OF_DATA.
 */
3103  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_issuer_no_inner_set_data)
3104  {
3105  x509_cert crt;
3106  unsigned char buf[2000];
3107  unsigned char output[2000];
3108  int data_len, res;
3109 
3110  memset( &crt, 0, sizeof( x509_cert ) );
3111  memset( buf, 0, 2000 );
3112  memset( output, 0, 2000 );
3113 
3114  data_len = unhexify( buf, "30223020a0030201028204deadbeef300d06092a864886f70d0101020500300431023000" );
3115 
3116  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 3116 to 3118; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
3118  {
3119  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
3120 
3121  fct_chk( res != -1 );
3122  fct_chk( res != -2 );
3123 
3124  fct_chk( strcmp( (char *) output, "" ) == 0 );
3125  }
3126 
3127  x509_free( &crt );
3128  }
3129  FCT_TEST_END();
3130 
3131 
/*
 * Malformed-input case: the issuer's SET (length 4) holds two empty
 * SEQUENCEs (30 00 30 00).
 * Expects INVALID_NAME combined with ASN1_UNEXPECTED_TAG.
 */
3132  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_issuer_two_inner_set_datas)
3133  {
3134  x509_cert crt;
3135  unsigned char buf[2000];
3136  unsigned char output[2000];
3137  int data_len, res;
3138 
3139  memset( &crt, 0, sizeof( x509_cert ) );
3140  memset( buf, 0, 2000 );
3141  memset( output, 0, 2000 );
3142 
3143  data_len = unhexify( buf, "30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000" );
3144 
3145  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) );
/*
 * NOTE(review): the listing jumps from line 3145 to 3147; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
3147  {
3148  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
3149 
3150  fct_chk( res != -1 );
3151  fct_chk( res != -2 );
3152 
3153  fct_chk( strcmp( (char *) output, "" ) == 0 );
3154  }
3155 
3156  x509_free( &crt );
3157  }
3158  FCT_TEST_END();
3159 
3160 
/*
 * Malformed-input case: the issuer attribute SEQUENCE holds only a
 * zero-length OID (06 00) and no value element after it.
 * Expects INVALID_NAME combined with ASN1_OUT_OF_DATA.
 */
3161  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_issuer_no_oid_data)
3162  {
3163  x509_cert crt;
3164  unsigned char buf[2000];
3165  unsigned char output[2000];
3166  int data_len, res;
3167 
3168  memset( &crt, 0, sizeof( x509_cert ) );
3169  memset( buf, 0, 2000 );
3170  memset( output, 0, 2000 );
3171 
3172  data_len = unhexify( buf, "30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430020600" );
3173 
3174  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 3174 to 3176; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
3176  {
3177  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
3178 
3179  fct_chk( res != -1 );
3180  fct_chk( res != -2 );
3181 
3182  fct_chk( strcmp( (char *) output, "" ) == 0 );
3183  }
3184 
3185  x509_free( &crt );
3186  }
3187  FCT_TEST_END();
3188 
3189 
/*
 * Malformed-input case: in the issuer attribute the value "Test"
 * (54 65 73 74) is tagged 0x06 (OID) instead of a string type.
 * Expects INVALID_NAME combined with ASN1_UNEXPECTED_TAG.
 */
3190  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_issuer_invalid_tag)
3191  {
3192  x509_cert crt;
3193  unsigned char buf[2000];
3194  unsigned char output[2000];
3195  int data_len, res;
3196 
3197  memset( &crt, 0, sizeof( x509_cert ) );
3198  memset( buf, 0, 2000 );
3199  memset( output, 0, 2000 );
3200 
3201  data_len = unhexify( buf, "302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600060454657374" );
3202 
3203  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) );
/*
 * NOTE(review): the listing jumps from line 3203 to 3205; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
3205  {
3206  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
3207 
3208  fct_chk( res != -1 );
3209  fct_chk( res != -2 );
3210 
3211  fct_chk( strcmp( (char *) output, "" ) == 0 );
3212  }
3213 
3214  x509_free( &crt );
3215  }
3216  FCT_TEST_END();
3217 
3218 
/*
 * Malformed-input case: the issuer attribute holds a zero-length OID
 * followed by a PrintableString tag (0x13) with no length byte.
 * Expects INVALID_NAME combined with ASN1_OUT_OF_DATA.
 */
3219  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_issuer_no_string_data)
3220  {
3221  x509_cert crt;
3222  unsigned char buf[2000];
3223  unsigned char output[2000];
3224  int data_len, res;
3225 
3226  memset( &crt, 0, sizeof( x509_cert ) );
3227  memset( buf, 0, 2000 );
3228  memset( output, 0, 2000 );
3229 
3230  data_len = unhexify( buf, "30253023a0030201028204deadbeef300d06092a864886f70d0101020500300731053003060013" );
3231 
3232  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 3232 to 3234; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
3234  {
3235  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
3236 
3237  fct_chk( res != -1 );
3238  fct_chk( res != -2 );
3239 
3240  fct_chk( strcmp( (char *) output, "" ) == 0 );
3241  }
3242 
3243  x509_free( &crt );
3244  }
3245  FCT_TEST_END();
3246 
3247 
/*
 * Malformed-input case: the issuer attribute SEQUENCE declares length 9
 * and carries a stray 0x00 after the PrintableString "Test".
 * Expects INVALID_NAME combined with ASN1_UNEXPECTED_TAG.
 */
3248  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_issuer_no_full_following_string)
3249  {
3250  x509_cert crt;
3251  unsigned char buf[2000];
3252  unsigned char output[2000];
3253  int data_len, res;
3254 
3255  memset( &crt, 0, sizeof( x509_cert ) );
3256  memset( buf, 0, 2000 );
3257  memset( output, 0, 2000 );
3258 
3259  data_len = unhexify( buf, "302b3029a0030201028204deadbeef300d06092a864886f70d0101020500300d310b3009060013045465737400" );
3260 
3261  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) );
/*
 * NOTE(review): the listing jumps from line 3261 to 3263; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
3263  {
3264  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
3265 
3266  fct_chk( res != -1 );
3267  fct_chk( res != -2 );
3268 
3269  fct_chk( strcmp( (char *) output, "" ) == 0 );
3270  }
3271 
3272  x509_free( &crt );
3273  }
3274  FCT_TEST_END();
3275 
3276 
/*
 * Malformed-input case: the issuer name parses (zero-length OID plus
 * PrintableString "Test") and the data ends where the validity element
 * should start.
 * Expects INVALID_DATE combined with ASN1_OUT_OF_DATA.
 */
3277  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_valid_issuer_no_validity)
3278  {
3279  x509_cert crt;
3280  unsigned char buf[2000];
3281  unsigned char output[2000];
3282  int data_len, res;
3283 
3284  memset( &crt, 0, sizeof( x509_cert ) );
3285  memset( buf, 0, 2000 );
3286  memset( output, 0, 2000 );
3287 
3288  data_len = unhexify( buf, "302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374" );
3289 
3290  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_DATE + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
/*
 * NOTE(review): the listing jumps from line 3290 to 3292; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
3292  {
3293  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
3294 
3295  fct_chk( res != -1 );
3296  fct_chk( res != -2 );
3297 
3298  fct_chk( strcmp( (char *) output, "" ) == 0 );
3299  }
3300 
3301  x509_free( &crt );
3302  }
3303  FCT_TEST_END();
3304 
3305 
/*
 * Malformed-input case: the validity SEQUENCE declares length 0x1d and
 * holds the UTCTime values "090101000000" and "091231235959" plus one stray
 * 0x00 byte.
 * Expects INVALID_DATE combined with ASN1_LENGTH_MISMATCH.
 */
3306  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_too_much_date_data)
3307  {
3308  x509_cert crt;
3309  unsigned char buf[2000];
3310  unsigned char output[2000];
3311  int data_len, res;
3312 
3313  memset( &crt, 0, sizeof( x509_cert ) );
3314  memset( buf, 0, 2000 );
3315  memset( output, 0, 2000 );
3316 
3317  data_len = unhexify( buf, "30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301d170c303930313031303030303030170c30393132333132333539353900" );
3318 
3319  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_DATE + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ) );
/*
 * NOTE(review): the listing jumps from line 3319 to 3321; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
3321  {
3322  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
3323 
3324  fct_chk( res != -1 );
3325  fct_chk( res != -2 );
3326 
3327  fct_chk( strcmp( (char *) output, "" ) == 0 );
3328  }
3329 
3330  x509_free( &crt );
3331  }
3332  FCT_TEST_END();
3333 
3334 
/*
 * Malformed-input case: both 12-byte UTCTime values end in four 0x00 bytes
 * instead of ASCII digits ("09010100" and "09123123" followed by NULs), so
 * the first (not-before) value is already unparsable.
 * Expects POLARSSL_ERR_X509_CERT_INVALID_DATE.
 */
3335  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_invalid_from_date)
3336  {
3337  x509_cert crt;
3338  unsigned char buf[2000];
3339  unsigned char output[2000];
3340  int data_len, res;
3341 
3342  memset( &crt, 0, sizeof( x509_cert ) );
3343  memset( buf, 0, 2000 );
3344  memset( output, 0, 2000 );
3345 
3346  data_len = unhexify( buf, "30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323300000000" );
3347 
3348  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_DATE ) );
/*
 * NOTE(review): the listing jumps from line 3348 to 3350; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
3350  {
3351  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
3352 
3353  fct_chk( res != -1 );
3354  fct_chk( res != -2 );
3355 
3356  fct_chk( strcmp( (char *) output, "" ) == 0 );
3357  }
3358 
3359  x509_free( &crt );
3360  }
3361  FCT_TEST_END();
3362 
3363 
/*
 * Malformed-input case: the first UTCTime is the well-formed
 * "090101000000"; the second is "09123123" followed by four 0x00 bytes
 * instead of ASCII digits.
 * Expects POLARSSL_ERR_X509_CERT_INVALID_DATE.
 */
3364  FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_invalid_to_date)
3365  {
3366  x509_cert crt;
3367  unsigned char buf[2000];
3368  unsigned char output[2000];
3369  int data_len, res;
3370 
3371  memset( &crt, 0, sizeof( x509_cert ) );
3372  memset( buf, 0, 2000 );
3373  memset( output, 0, 2000 );
3374 
3375  data_len = unhexify( buf, "30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323300000000" );
3376 
3377  fct_chk( x509parse_crt( &crt, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_DATE ) );
/*
 * NOTE(review): the listing jumps from line 3377 to 3379; a guard on the
 * block below may have been lost in extraction - confirm against the
 * original file.
 */
3379  {
3380  res = x509parse_cert_info( (char *) output, 2000, "", &crt );
3381 
3382  fct_chk( res != -1 );
3383  fct_chk( res != -2 );
3384 
3385  fct_chk( strcmp( (char *) output, "" ) == 0 );
3386  }
3387 
3388  x509_free( &crt );
3389  }
3390  FCT_TEST_END();
3391 
3392 
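FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_valid_validity_no_subject)
{
    /* Negative fixture: after a well-formed validity field the DER ends with
     * a lone 0x30 tag byte, so the parser runs out of data. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );

    /* Guard restored (the listing drops this line; sibling tests keep it):
     * the info dump is checked only when the expected parse result is 0. */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();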
3420 
3421 
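FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_valid_subject_no_pubkeyinfo)
{
    /* Negative fixture: the DER stops right after the second Name; nothing
     * follows where the public key information would start. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );

    /* Guard restored (the listing drops this line; sibling tests keep it):
     * the info dump is checked only when the expected parse result is 0. */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();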
3449 
3450 
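FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_pubkey_no_alg)
{
    /* Negative fixture: the DER ends with an empty SEQUENCE (30 00) where the
     * public key information is expected, so no algorithm can be read. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );

    /* Guard restored (the listing drops this line; sibling tests keep it):
     * the info dump is checked only when the expected parse result is 0. */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();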
3478 
3479 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_valid_subject_unknown_pk_alg)
{
    /* Negative fixture: the public-key algorithm OID ends in 0x00, where the
     * other fixtures in this suite use 0x01; the parser must report an
     * unknown public-key algorithm rather than accept the key. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ) );

    /* The info dump is checked only when the expected parse result is 0. */
    if( 0 == ( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ) )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();
3507 
3508 
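FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_pubkey_no_bitstring)
{
    /* Negative fixture: the public key information holds only the algorithm
     * identifier; the DER ends before any BIT STRING with key material. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );

    /* Guard restored (the listing drops this line; sibling tests keep it):
     * the info dump is checked only when the expected parse result is 0. */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();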
3536 
3537 
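FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_pubkey_no_bitstring_data)
{
    /* Negative fixture: the key BIT STRING is present but has length 0
     * (03 00), so there is not even an unused-bits byte to read. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );

    /* Guard restored (the listing drops this line; sibling tests keep it):
     * the info dump is checked only when the expected parse result is 0. */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();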
3565 
3566 
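FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_pubkey_invalid_bitstring_start)
{
    /* Negative fixture: the key BIT STRING has length 1 and its only byte,
     * the unused-bits count, is 0x01 (the other fixtures use 0x00). */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY ) );

    /* Guard restored (the listing drops this line; sibling tests keep it):
     * the info dump is checked only when the expected parse result is 0. */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY ) == 0 )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();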
3594 
3595 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_pubkey_invalid_internal_bitstring_length)
{
    /* Fixture: inside the key BIT STRING a SEQUENCE declares length 0 but is
     * followed by one more byte (03 04 00 30 00 00).
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
3623 
3624 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_pubkey_invalid_internal_bitstring_tag)
{
    /* Fixture: the element inside the key BIT STRING is tagged 0x31 where
     * the neighbouring fixtures use 0x30 (03 04 00 31 00 00).
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
3652 
3653 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_pubkey_invalid_mpi)
{
    /* Fixture: the second key element is tagged 0x03 instead of the INTEGER
     * tag 0x02 used for the first one (02 02 ffff 03 02 ffff).
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
3681 
3682 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_pubkey_total_length_mismatch)
{
    /* Fixture: the public key information declares length 0x1d and carries
     * one trailing 0x00 byte after the key BIT STRING.
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30753073a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300d06092A864886F70D0101010500030b0030080202ffff0202ffff00" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
3710 
3711 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_pubkey_check_failed)
{
    /* Negative fixture: the key is structurally well formed (two 2-byte
     * INTEGERs, both 0xffff) but is expected to fail the RSA key check, so a
     * syntactically valid yet unusable key is rejected at parse time. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ) );

    /* The info dump is checked only when the expected parse result is 0. */
    if( 0 == ( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ) )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();
3739 
3740 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_pubkey_check_failed_expanded_length_notation)
{
    /* Negative fixture: the two outer lengths use the long form (0x81 nn)
     * and the 16-byte first key INTEGER ends in 0xfe; the RSA key check is
     * expected to reject it. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ) );

    /* The info dump is checked only when the expected parse result is 0. */
    if( 0 == ( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ) )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();
3768 
3769 
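FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_v3_optional_uids_extensions_not_present)
{
    /* Fixture with version INTEGER 2: the DER ends right after the public
     * key, so the optional fields are absent and the parser is expected to
     * run out of data when it reaches the next algorithm identifier. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );

    /* Guard restored (the listing drops this line; sibling tests keep it):
     * the info dump is checked only when the expected parse result is 0. */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();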
3797 
3798 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_v3_issuerid_wrong_tag)
{
    /* Fixture: a single 0x00 byte follows the public key, where the sibling
     * fixtures place the a1/a2 unique-ID fields.
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "308184308181a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff00" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
3826 
3827 
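FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_v3_uids_no_ext)
{
    /* Fixture: one-byte a1 and a2 fields follow the public key and the DER
     * ends there, so the parser is expected to run out of data at the next
     * algorithm identifier. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bb" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );

    /* Guard restored (the listing drops this line; sibling tests keep it):
     * the info dump is checked only when the expected parse result is 0. */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();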
3855 
3856 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_v3_uids_invalid_length)
{
    /* Negative fixture: the a1 field's length byte is 0x85, a long-form
     * marker announcing five length octets; the parser must reject the
     * length instead of trusting it. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185aaa201bb" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_ASN1_INVALID_LENGTH ) );

    /* The info dump is checked only when the expected parse result is 0. */
    if( 0 == ( POLARSSL_ERR_ASN1_INVALID_LENGTH ) )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();
3884 
3885 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_v3_ext_empty)
{
    /* Fixture: the DER ends with a zero-length a3 field (a3 00).
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30818b308188a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba300" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
3913 
3914 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_v3_ext_length_mismatch)
{
    /* Fixture: the a3 field declares length 3 and holds an empty SEQUENCE
     * followed by one extra byte (a3 03 30 00 00).
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30818e30818ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba303300000" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
3942 
3943 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_v3_first_ext_invalid)
{
    /* Fixture: the DER ends with the bytes a3 03 30 02 30 00 after the two
     * unique-ID fields.
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30818f30818ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30330023000" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
3971 
3972 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_v3_first_ext_invalid_tag)
{
    /* Fixture: the DER ends with the bytes a3 04 30 02 31 00 00; the inner
     * element is tagged 0x31.
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30819030818da0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba3043002310000" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4000 
4001 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_v3_ext_basiccontraint_tag_bool_len_missing)
{
    /* Fixture: the a3 field carries an entry with OID 55 1d 13 and ends with
     * the bytes 30 06 06 03 55 1d 13 01 01 01 00.
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4029 
4030 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_v3_ext_basiccontraint_tag_data_missing)
{
    /* Fixture: the a3 field carries an entry with OID 55 1d 13 and ends with
     * the bytes 30 08 06 03 55 1d 13 01 01 01 00.
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30080603551d1301010100" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4058 
4059 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_v3_ext_basiccontraint_tag_no_octet_present)
{
    /* Fixture: the a3 field carries an entry with OID 55 1d 13 and ends with
     * the bytes 30 09 06 03 55 1d 13 01 01 01 00.
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30d300b30090603551d1301010100" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4087 
4088 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_v3_ext_basiccontraint_tag_octet_data_missing)
{
    /* Fixture: the entry with OID 55 1d 13 is followed by an OCTET STRING
     * header 04 03 and the bytes 30 01 00.
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30819c308199a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba311300f300d0603551d130101010403300100" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4116 
4117 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_v3_ext_basiccontraint_tag_no_pathlen)
{
    /* Fixture: the entry with OID 55 1d 13 is followed by an OCTET STRING
     * header 04 06 and the bytes 30 04 02 01 01 02; the DER ends on a bare
     * 0x02 tag.
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "30819f30819ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba314301230100603551d130101010406300402010102" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4145 
4146 
FCT_TEST_BGN(x509_certificate_asn1_tbscertificate_v3_ext_basiccontraint_tag_octet_len_mismatch)
{
    /* Fixture: the entry with OID 55 1d 13 is followed by an OCTET STRING
     * header 04 09 and the bytes 30 07 02 01 01 02 01 01 00.
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4174 
4175 
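FCT_TEST_BGN(x509_certificate_asn1_correct_pubkey_no_sig_alg)
{
    /* Negative fixture with version INTEGER 0: the DER ends right after the
     * public key, so no outer signature algorithm can be read. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );

    /* Guard restored (the listing drops this line; sibling tests keep it):
     * the info dump is checked only when the expected parse result is 0. */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();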
4203 
4204 
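FCT_TEST_BGN(x509_certificate_asn1_sig_alg_mismatch)
{
    /* Negative fixture: the outer signature algorithm OID (...0d 01 02 02)
     * differs from the one inside the signed part (...0d 01 01 02); the
     * parser must flag the mismatch rather than pick either value. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0102020500" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_X509_CERT_SIG_MISMATCH ) );

    /* Guard restored (the listing drops this line; sibling tests keep it):
     * the info dump is checked only when the expected parse result is 0. */
    if( ( POLARSSL_ERR_X509_CERT_SIG_MISMATCH ) == 0 )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();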
4232 
4233 
FCT_TEST_BGN(x509_certificate_asn1_sig_alg_no_sig)
{
    /* Fixture: the outer signature algorithm matches the inner one and the
     * DER ends there; no signature BIT STRING follows.
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4261 
4262 
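FCT_TEST_BGN(x509_certificate_asn1_signature_invalid_sig_data)
{
    /* Negative fixture: the signature BIT STRING has length 1, i.e. only the
     * unused-bits byte and no signature bytes (03 01 00). */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE ) );

    /* Guard restored (the listing drops this line; sibling tests keep it):
     * the info dump is checked only when the expected parse result is 0. */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE ) == 0 )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();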
4290 
4291 
FCT_TEST_BGN(x509_certificate_asn1_signature_data_left)
{
    /* Fixture: one extra 0x00 byte follows the signature BIT STRING
     * (03 02 00 ff 00) inside the outer SEQUENCE.
     * NOTE(review): the listing skips two numbered lines after unhexify();
     * sibling tests have the x509parse_crt() check and its guard there. As
     * listed, crt is still zeroed when it is formatted. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00" );

    info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( info_ret != -1 );
    fct_chk( info_ret != -2 );

    fct_chk( strcmp( (char *) output, "" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4319 
4320 
FCT_TEST_BGN(x509_certificate_asn1_correct)
{
    /* Positive fixture: the smallest certificate in this group that parses.
     * Per the expected dump it is "RSA+MD2" with a 128-bit key, so it is a
     * parser fixture only; this block calls x509parse_crt() and
     * x509parse_cert_info() and performs no signature verification.
     * NOTE(review): the expected string is kept exactly as listed; the page
     * collapses leading indentation, so confirm its column padding against
     * the real x509parse_cert_info() output. */
    x509_cert crt;
    unsigned char buf[2000];
    unsigned char output[2000];
    int der_len, info_ret;

    memset( &crt, 0, sizeof( crt ) );
    memset( buf, 0, sizeof( buf ) );
    memset( output, 0, sizeof( output ) );

    der_len = unhexify( buf, "308196308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff" );

    fct_chk( x509parse_crt( &crt, buf, der_len ) == ( 0 ) );

    /* Expected result is 0, so the info dump is always checked here. */
    if( 0 == ( 0 ) )
    {
        info_ret = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

        fct_chk( info_ret != -1 );
        fct_chk( info_ret != -2 );

        fct_chk( strcmp( (char *) output, "cert. version : 1\nserial number : DE:AD:BE:EF\nissuer name : ?\?=Test\nsubject name : ?\?=Test\nissued on : 2009-01-01 00:00:00\nexpires on : 2009-12-31 23:59:59\nsigned using : RSA+MD2\nRSA key size : 128 bits\n" ) == 0 );
    }

    x509_free( &crt );
}
FCT_TEST_END();
4348 
4349 
FCT_TEST_BGN(x509_certificate_asn1_generalizedtime_instead_of_utctime)
{
    /*
     * The first validity date is encoded with tag 0x18 (GeneralizedTime)
     * instead of 0x17 (UTCTime) and must still parse with return code 0.
     *
     * Worth noting for callers: the expected summary shows "issued on"
     * 2010-01-01 later than "expires on" 2009-12-31, so the parser accepts
     * an inverted validity window.  Date checks are not part of this test.
     */
    unsigned char output[2000];
    unsigned char buf[2000];
    x509_cert crt;
    int res;
    int data_len;

    memset( output, 0, sizeof( output ) );
    memset( buf, 0, sizeof( buf ) );
    memset( &crt, 0, sizeof( crt ) );

    data_len = unhexify( buf, "308198308182a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff" );

    fct_chk( x509parse_crt( &crt, buf, data_len ) == ( 0 ) );

    /* The expected return code is 0, so the summary is always compared. */
    res = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( res != -1 );
    fct_chk( res != -2 );

    /* "?\?" keeps the compiler from reading "??=" as a trigraph. */
    fct_chk( strcmp( (char *) output, "cert. version : 1\nserial number : DE:AD:BE:EF\nissuer name : ?\?=Test\nsubject name : ?\?=Test\nissued on : 2010-01-01 00:00:00\nexpires on : 2009-12-31 23:59:59\nsigned using : RSA+MD2\nRSA key size : 128 bits\n" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4377 
4378 
FCT_TEST_BGN(x509_certificate_asn1_name_with_x520_cn)
{
    /*
     * The issuer attribute carries the X.520 OID bytes 55 04 03 and is
     * expected to print as "CN=Test".  The subject keeps the empty OID
     * (06 00) and prints as "??=Test".  Parse and print only.
     */
    unsigned char output[2000];
    unsigned char buf[2000];
    x509_cert crt;
    int res;
    int data_len;

    memset( output, 0, sizeof( output ) );
    memset( buf, 0, sizeof( buf ) );
    memset( &crt, 0, sizeof( crt ) );

    data_len = unhexify( buf, "308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff" );

    fct_chk( x509parse_crt( &crt, buf, data_len ) == ( 0 ) );

    /* The expected return code is 0, so the summary is always compared. */
    res = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( res != -1 );
    fct_chk( res != -2 );

    /* "?\?" keeps the compiler from reading "??=" as a trigraph. */
    fct_chk( strcmp( (char *) output, "cert. version : 1\nserial number : DE:AD:BE:EF\nissuer name : CN=Test\nsubject name : ?\?=Test\nissued on : 2009-01-01 00:00:00\nexpires on : 2009-12-31 23:59:59\nsigned using : RSA+MD2\nRSA key size : 128 bits\n" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4406 
4407 
FCT_TEST_BGN(x509_certificate_asn1_name_with_x520_c)
{
    /*
     * The issuer attribute carries the X.520 OID bytes 55 04 06 and is
     * expected to print as "C=Test".  Parse and print only.
     */
    unsigned char output[2000];
    unsigned char buf[2000];
    x509_cert crt;
    int res;
    int data_len;

    memset( output, 0, sizeof( output ) );
    memset( buf, 0, sizeof( buf ) );
    memset( &crt, 0, sizeof( crt ) );

    data_len = unhexify( buf, "308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff" );

    fct_chk( x509parse_crt( &crt, buf, data_len ) == ( 0 ) );

    /* The expected return code is 0, so the summary is always compared. */
    res = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( res != -1 );
    fct_chk( res != -2 );

    /* "?\?" keeps the compiler from reading "??=" as a trigraph. */
    fct_chk( strcmp( (char *) output, "cert. version : 1\nserial number : DE:AD:BE:EF\nissuer name : C=Test\nsubject name : ?\?=Test\nissued on : 2009-01-01 00:00:00\nexpires on : 2009-12-31 23:59:59\nsigned using : RSA+MD2\nRSA key size : 128 bits\n" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4435 
4436 
FCT_TEST_BGN(x509_certificate_asn1_name_with_x520_l)
{
    /*
     * The issuer attribute carries the X.520 OID bytes 55 04 07 and is
     * expected to print as "L=Test".  Parse and print only.
     */
    unsigned char output[2000];
    unsigned char buf[2000];
    x509_cert crt;
    int res;
    int data_len;

    memset( output, 0, sizeof( output ) );
    memset( buf, 0, sizeof( buf ) );
    memset( &crt, 0, sizeof( crt ) );

    data_len = unhexify( buf, "308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff" );

    fct_chk( x509parse_crt( &crt, buf, data_len ) == ( 0 ) );

    /* The expected return code is 0, so the summary is always compared. */
    res = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( res != -1 );
    fct_chk( res != -2 );

    /* "?\?" keeps the compiler from reading "??=" as a trigraph. */
    fct_chk( strcmp( (char *) output, "cert. version : 1\nserial number : DE:AD:BE:EF\nissuer name : L=Test\nsubject name : ?\?=Test\nissued on : 2009-01-01 00:00:00\nexpires on : 2009-12-31 23:59:59\nsigned using : RSA+MD2\nRSA key size : 128 bits\n" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4464 
4465 
FCT_TEST_BGN(x509_certificate_asn1_name_with_x520_st)
{
    /*
     * The issuer attribute carries the X.520 OID bytes 55 04 08 and is
     * expected to print as "ST=Test".  Parse and print only.
     */
    unsigned char output[2000];
    unsigned char buf[2000];
    x509_cert crt;
    int res;
    int data_len;

    memset( output, 0, sizeof( output ) );
    memset( buf, 0, sizeof( buf ) );
    memset( &crt, 0, sizeof( crt ) );

    data_len = unhexify( buf, "308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff" );

    fct_chk( x509parse_crt( &crt, buf, data_len ) == ( 0 ) );

    /* The expected return code is 0, so the summary is always compared. */
    res = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( res != -1 );
    fct_chk( res != -2 );

    /* "?\?" keeps the compiler from reading "??=" as a trigraph. */
    fct_chk( strcmp( (char *) output, "cert. version : 1\nserial number : DE:AD:BE:EF\nissuer name : ST=Test\nsubject name : ?\?=Test\nissued on : 2009-01-01 00:00:00\nexpires on : 2009-12-31 23:59:59\nsigned using : RSA+MD2\nRSA key size : 128 bits\n" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4493 
4494 
FCT_TEST_BGN(x509_certificate_asn1_name_with_x520_o)
{
    /*
     * The issuer attribute carries the X.520 OID bytes 55 04 0a and is
     * expected to print as "O=Test".  Parse and print only.
     */
    unsigned char output[2000];
    unsigned char buf[2000];
    x509_cert crt;
    int res;
    int data_len;

    memset( output, 0, sizeof( output ) );
    memset( buf, 0, sizeof( buf ) );
    memset( &crt, 0, sizeof( crt ) );

    data_len = unhexify( buf, "308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff" );

    fct_chk( x509parse_crt( &crt, buf, data_len ) == ( 0 ) );

    /* The expected return code is 0, so the summary is always compared. */
    res = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( res != -1 );
    fct_chk( res != -2 );

    /* "?\?" keeps the compiler from reading "??=" as a trigraph. */
    fct_chk( strcmp( (char *) output, "cert. version : 1\nserial number : DE:AD:BE:EF\nissuer name : O=Test\nsubject name : ?\?=Test\nissued on : 2009-01-01 00:00:00\nexpires on : 2009-12-31 23:59:59\nsigned using : RSA+MD2\nRSA key size : 128 bits\n" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4522 
4523 
FCT_TEST_BGN(x509_certificate_asn1_name_with_x520_ou)
{
    /*
     * The issuer attribute carries the X.520 OID bytes 55 04 0b and is
     * expected to print as "OU=Test".  Parse and print only.
     */
    unsigned char output[2000];
    unsigned char buf[2000];
    x509_cert crt;
    int res;
    int data_len;

    memset( output, 0, sizeof( output ) );
    memset( buf, 0, sizeof( buf ) );
    memset( &crt, 0, sizeof( crt ) );

    data_len = unhexify( buf, "308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff" );

    fct_chk( x509parse_crt( &crt, buf, data_len ) == ( 0 ) );

    /* The expected return code is 0, so the summary is always compared. */
    res = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( res != -1 );
    fct_chk( res != -2 );

    /* "?\?" keeps the compiler from reading "??=" as a trigraph. */
    fct_chk( strcmp( (char *) output, "cert. version : 1\nserial number : DE:AD:BE:EF\nissuer name : OU=Test\nsubject name : ?\?=Test\nissued on : 2009-01-01 00:00:00\nexpires on : 2009-12-31 23:59:59\nsigned using : RSA+MD2\nRSA key size : 128 bits\n" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4551 
4552 
FCT_TEST_BGN(x509_certificate_asn1_name_with_unknown_x520_part)
{
    /*
     * The issuer attribute uses OID bytes 55 04 de, an X.520 arc with a last
     * byte the printer has no name for.  The certificate must still parse
     * with return code 0, and the attribute is expected to be rendered as
     * the raw byte "0xDE" rather than dropped or rejected.
     */
    unsigned char output[2000];
    unsigned char buf[2000];
    x509_cert crt;
    int res;
    int data_len;

    memset( output, 0, sizeof( output ) );
    memset( buf, 0, sizeof( buf ) );
    memset( &crt, 0, sizeof( crt ) );

    data_len = unhexify( buf, "308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff" );

    fct_chk( x509parse_crt( &crt, buf, data_len ) == ( 0 ) );

    /* The expected return code is 0, so the summary is always compared. */
    res = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( res != -1 );
    fct_chk( res != -2 );

    /* "?\?" keeps the compiler from reading "??=" as a trigraph. */
    fct_chk( strcmp( (char *) output, "cert. version : 1\nserial number : DE:AD:BE:EF\nissuer name : 0xDE=Test\nsubject name : ?\?=Test\nissued on : 2009-01-01 00:00:00\nexpires on : 2009-12-31 23:59:59\nsigned using : RSA+MD2\nRSA key size : 128 bits\n" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4580 
4581 
FCT_TEST_BGN(x509_certificate_asn1_name_with_pkcs9_email)
{
    /*
     * The issuer attribute uses the nine-byte OID 2a 86 48 86 f7 0d 01 09 01
     * and is expected to print as "emailAddress=Test".  Parse and print
     * only.
     */
    unsigned char output[2000];
    unsigned char buf[2000];
    x509_cert crt;
    int res;
    int data_len;

    memset( output, 0, sizeof( output ) );
    memset( buf, 0, sizeof( buf ) );
    memset( &crt, 0, sizeof( crt ) );

    data_len = unhexify( buf, "30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff" );

    fct_chk( x509parse_crt( &crt, buf, data_len ) == ( 0 ) );

    /* The expected return code is 0, so the summary is always compared. */
    res = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( res != -1 );
    fct_chk( res != -2 );

    /* "?\?" keeps the compiler from reading "??=" as a trigraph. */
    fct_chk( strcmp( (char *) output, "cert. version : 1\nserial number : DE:AD:BE:EF\nissuer name : emailAddress=Test\nsubject name : ?\?=Test\nissued on : 2009-01-01 00:00:00\nexpires on : 2009-12-31 23:59:59\nsigned using : RSA+MD2\nRSA key size : 128 bits\n" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4609 
4610 
FCT_TEST_BGN(x509_certificate_asn1_name_with_unknown_pkcs9_part)
{
    /*
     * Same shape as the PKCS#9 e-mail case, but the OID ends in 0xab instead
     * of 0x01.  The certificate must still parse with return code 0, and the
     * unrecognised attribute is expected to be rendered as "0xAB".
     */
    unsigned char output[2000];
    unsigned char buf[2000];
    x509_cert crt;
    int res;
    int data_len;

    memset( output, 0, sizeof( output ) );
    memset( buf, 0, sizeof( buf ) );
    memset( &crt, 0, sizeof( crt ) );

    data_len = unhexify( buf, "30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff" );

    fct_chk( x509parse_crt( &crt, buf, data_len ) == ( 0 ) );

    /* The expected return code is 0, so the summary is always compared. */
    res = x509parse_cert_info( (char *) output, sizeof( output ), "", &crt );

    fct_chk( res != -1 );
    fct_chk( res != -2 );

    /* "?\?" keeps the compiler from reading "??=" as a trigraph. */
    fct_chk( strcmp( (char *) output, "cert. version : 1\nserial number : DE:AD:BE:EF\nissuer name : 0xAB=Test\nsubject name : ?\?=Test\nissued on : 2009-01-01 00:00:00\nexpires on : 2009-12-31 23:59:59\nsigned using : RSA+MD2\nRSA key size : 128 bits\n" ) == 0 );

    x509_free( &crt );
}
FCT_TEST_END();
4638 
4639 
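FCT_TEST_BGN(x509_crl_asn1_incorrect_first_tag)
{
    /*
     * Negative case: the hex string is empty, so data_len is 0 and
     * x509parse_crl() must reject the input with the exact code below.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT ) );
    /*
     * Guard restored: the listing skips source line 4654 here, and the
     * sibling tests whose guard survived only print the structure when the
     * expected return code is 0.  Without it the info printer would run on
     * a CRL the parser has just rejected.
     */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT ) == 0 )
    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();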
4667 
4668 
FCT_TEST_BGN(x509_crl_asn1_correct_first_tag_data_length_does_not_match)
{
    /*
     * Negative case: a SEQUENCE tag with length 0 followed by one extra
     * byte, so the declared length does not cover the whole input.
     *
     * NOTE(review): the listing jumps from source line 4681 to 4684, so the
     * fct_chk() on the x509parse_crl() return code and the
     * "if( ( <expected> ) == 0 )" guard that the sibling tests have are not
     * shown.  As printed, data_len is never used and the info block below
     * is unguarded; confirm against the original file.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "300000" );

    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();
4696 
4697 
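FCT_TEST_BGN(x509_crl_asn1_tbscertlist_tag_missing)
{
    /*
     * Negative case: the outer SEQUENCE has length 0, so there is no
     * TBSCertList to read.  x509parse_crl() must return the exact code
     * below.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "3000" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
    /*
     * Guard restored: the listing skips source line 4712 here, and the
     * sibling tests whose guard survived only print the structure when the
     * expected return code is 0.  Without it the info printer would run on
     * a CRL the parser has just rejected.
     */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();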
4725 
4726 
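FCT_TEST_BGN(x509_crl_asn1_tbscertlist_version_tag_len_missing)
{
    /*
     * Negative case: the TBSCertList holds a lone INTEGER tag (0x02) with
     * no length byte after it.  x509parse_crl() must return the exact code
     * below.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "3003300102" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_VERSION + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
    /*
     * Guard restored: the listing skips source line 4741 here, and the
     * sibling tests whose guard survived only print the structure when the
     * expected return code is 0.  Without it the info printer would run on
     * a CRL the parser has just rejected.
     */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_VERSION + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();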
4754 
4755 
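FCT_TEST_BGN(x509_crl_asn1_tbscertlist_version_correct_alg_missing)
{
    /*
     * Negative case: the version INTEGER (0) is present but the input ends
     * before any signature algorithm.  x509parse_crl() must return the
     * exact code below.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "30053003020100" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
    /*
     * Guard restored: the listing skips source line 4770 here, and the
     * sibling tests whose guard survived only print the structure when the
     * expected return code is 0.  Without it the info printer would run on
     * a CRL the parser has just rejected.
     */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();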
4783 
4784 
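FCT_TEST_BGN(x509_crl_asn1_tbscertlist_alg_correct_incorrect_version)
{
    /*
     * Negative case: the version INTEGER holds 2, which the parser is
     * expected to refuse with the exact code below.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "300b3009020102300406000500" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION ) );
    /*
     * Guard restored: the listing skips source line 4799 here, and the
     * sibling tests whose guard survived only print the structure when the
     * expected return code is 0.  Without it the info printer would run on
     * a CRL the parser has just rejected.
     */
    if( ( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION ) == 0 )
    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();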
4812 
4813 
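FCT_TEST_BGN(x509_crl_asn1_tbscertlist_correct_version_sig_oid1_unknown)
{
    /*
     * Negative case: version 0 is accepted, but the signature algorithm OID
     * is empty (06 00).  The parser must refuse the unknown algorithm with
     * the exact code below instead of continuing.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "300b3009020100300406000500" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG ) );
    /*
     * Guard restored: the listing skips source line 4828 here, and the
     * sibling tests whose guard survived only print the structure when the
     * expected return code is 0.  Without it the info printer would run on
     * a CRL the parser has just rejected.
     */
    if( ( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG ) == 0 )
    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();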
4841 
4842 
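FCT_TEST_BGN(x509_crl_asn1_tbscertlist_sig_oid1_id_unknown)
{
    /*
     * Negative case: the signature algorithm OID has the same nine-byte
     * prefix as the accepted ones in this file but ends in 0x0f.  The
     * parser must refuse it with the exact code below.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "30143012020100300d06092a864886f70d01010f0500" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG ) );
    /*
     * Guard restored: the listing skips source line 4857 here, and the
     * sibling tests whose guard survived only print the structure when the
     * expected return code is 0.  Without it the info printer would run on
     * a CRL the parser has just rejected.
     */
    if( ( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG ) == 0 )
    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();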
4870 
4871 
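FCT_TEST_BGN(x509_crl_asn1_tbscertlist_sig_oid1_correct_issuer_missing)
{
    /*
     * Negative case: version and signature algorithm are present, but the
     * input ends before the issuer name.  x509parse_crl() must return the
     * exact code below.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "30143012020100300d06092a864886f70d01010e0500" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
    /*
     * Guard restored: the listing skips source line 4886 here, and the
     * sibling tests whose guard survived only print the structure when the
     * expected return code is 0.  Without it the info printer would run on
     * a CRL the parser has just rejected.
     */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();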
4899 
4900 
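FCT_TEST_BGN(x509_crl_asn1_tbscertlist_issuer_set_missing)
{
    /*
     * Negative case: the issuer is an empty SEQUENCE (30 00), so there is
     * no SET to read inside it.  x509parse_crl() must return the exact code
     * below.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "30163014020100300d06092a864886f70d01010e05003000" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
    /*
     * Guard restored: the listing skips source line 4915 here, and the
     * sibling tests whose guard survived only print the structure when the
     * expected return code is 0.  Without it the info printer would run on
     * a CRL the parser has just rejected.
     */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();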
4928 
4929 
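FCT_TEST_BGN(x509_crl_asn1_tbscertlist_correct_issuer_thisupdate_missing)
{
    /*
     * Negative case: the issuer name (one attribute with the value "ABCD")
     * is complete, but the input ends before the thisUpdate date.
     * x509parse_crl() must return the exact code below.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_DATE + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
    /*
     * Guard restored: the listing skips source line 4944 here, and the
     * sibling tests whose guard survived only print the structure when the
     * expected return code is 0.  Without it the info printer would run on
     * a CRL the parser has just rejected.
     */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_DATE + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();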
4957 
4958 
FCT_TEST_BGN(x509_crl_asn1_tbscertlist_correct_thisupdate_nextupdate_missing_entries_length_missing)
{
    /*
     * Negative case: thisUpdate is followed by a single 0x30 tag with no
     * length byte.  x509parse_crl() must report running out of data with
     * the exact code below.
     */
    unsigned char output[2000];
    unsigned char buf[2000];
    x509_crl crl;
    int res;
    int data_len;

    memset( output, 0, sizeof( output ) );
    memset( buf, 0, sizeof( buf ) );
    memset( &crl, 0, sizeof( crl ) );

    data_len = unhexify( buf, "30343032020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( POLARSSL_ERR_ASN1_OUT_OF_DATA ) );

    /* The printed form is only compared when the expected code is 0. */
    if( ( POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        res = x509parse_crl_info( (char *) output, sizeof( output ), "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();
4986 
4987 
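FCT_TEST_BGN(x509_crl_asn1_tbscertlist_entries_present_invalid_sig_alg)
{
    /*
     * Negative case: one revoked entry is present, but a 0x00 byte sits
     * where the outer signature algorithm should start.  x509parse_crl()
     * must return the exact code below.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) );
    /*
     * Guard restored: the listing skips source line 5002 here, and the
     * sibling tests whose guard survived only print the structure when the
     * expected return code is 0.  Without it the info printer would run on
     * a CRL the parser has just rejected.
     */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) == 0 )
    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();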
5015 
5016 
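FCT_TEST_BGN(x509_crl_asn1_tbscertlist_entries_present_date_in_entry_invalid)
{
    /*
     * Negative case: the revocation date inside the entry uses tag 0x19
     * where the sibling inputs use 0x17.  x509parse_crl() must return the
     * exact code below rather than accept the entry.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_INVALID_DATE + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) );
    /*
     * Guard restored: the listing skips source line 5031 here, and the
     * sibling tests whose guard survived only print the structure when the
     * expected return code is 0.  Without it the info printer would run on
     * a CRL the parser has just rejected.
     */
    if( ( POLARSSL_ERR_X509_CERT_INVALID_DATE + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) == 0 )
    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();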
5044 
5045 
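FCT_TEST_BGN(x509_crl_asn1_tbscertlist_sig_alg_present_sig_alg_does_not_match)
{
    /*
     * Negative case: the algorithm OID inside the TBSCertList ends in 0x0e
     * while the outer one ends in 0x0d.  The parser must treat the
     * disagreement as an error and return the exact code below; accepting
     * it would let the two algorithm fields say different things.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010d0500" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( POLARSSL_ERR_X509_CERT_SIG_MISMATCH ) );
    /*
     * Guard restored: the listing skips source line 5060 here, and the
     * sibling tests whose guard survived only print the structure when the
     * expected return code is 0.  Without it the info printer would run on
     * a CRL the parser has just rejected.
     */
    if( ( POLARSSL_ERR_X509_CERT_SIG_MISMATCH ) == 0 )
    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();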
5073 
5074 
FCT_TEST_BGN(x509_crl_asn1_tbscertlist_sig_present_len_mismatch)
{
    /*
     * Negative case: compared with the x509_crl_asn1_tbscertlist_sig_present
     * input, the outer length byte is one larger and there is one more
     * trailing 0x00 byte after the signature.
     *
     * NOTE(review): the listing jumps from source line 5087 to 5090, so the
     * fct_chk() on the x509parse_crl() return code and the
     * "if( ( <expected> ) == 0 )" guard that the sibling tests have are not
     * shown.  As printed, data_len is never used and the info block below
     * is unguarded; confirm against the original file.
     */
    x509_crl crl;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len, res;

    memset( &crl, 0, sizeof( x509_crl ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100" );

    {
        res = x509parse_crl_info( (char *) output, 2000, "", &crl );

        fct_chk( res != -1 );
        fct_chk( res != -2 );

        fct_chk( strcmp( (char *) output, "" ) == 0 );
    }

    x509_crl_free( &crl );
}
FCT_TEST_END();
5102 
5103 
FCT_TEST_BGN(x509_crl_asn1_tbscertlist_sig_present)
{
    /*
     * Positive case: a complete hand-built CRL with one revoked serial
     * (AB:CD) must parse with return code 0 and print the summary below.
     * Only the parser and the info printer are called; the one-byte
     * signature is never verified here.
     *
     * The expected text prints "next update" as 0000-00-00 00:00:00, so a
     * CRL without a usable next-update value is accepted by the parser.
     */
    unsigned char output[2000];
    unsigned char buf[2000];
    x509_crl crl;
    int res;
    int data_len;

    memset( output, 0, sizeof( output ) );
    memset( buf, 0, sizeof( buf ) );
    memset( &crl, 0, sizeof( crl ) );

    data_len = unhexify( buf, "305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( 0 ) );

    /* The expected return code is 0, so the summary is always compared. */
    res = x509parse_crl_info( (char *) output, sizeof( output ), "", &crl );

    fct_chk( res != -1 );
    fct_chk( res != -2 );

    fct_chk( strcmp( (char *) output, "CRL version : 1\nissuer name : CN=ABCD\nthis update : 2009-01-01 00:00:00\nnext update : 0000-00-00 00:00:00\nRevoked certificates:\nserial number: AB:CD revocation date: 2008-12-31 23:59:59\nsigned using : RSA+SHA224\n" ) == 0 );

    x509_crl_free( &crl );
}
FCT_TEST_END();
5131 
5132 
FCT_TEST_BGN(x509_crl_asn1_tbscertlist_no_entries)
{
    /*
     * Positive case: a hand-built CRL with no revoked entries must parse
     * with return code 0; the "Revoked certificates:" heading is expected
     * with nothing under it.  Parse and print only, no signature check.
     */
    unsigned char output[2000];
    unsigned char buf[2000];
    x509_crl crl;
    int res;
    int data_len;

    memset( output, 0, sizeof( output ) );
    memset( buf, 0, sizeof( buf ) );
    memset( &crl, 0, sizeof( crl ) );

    data_len = unhexify( buf, "30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001" );

    fct_chk( x509parse_crl( &crl, buf, data_len ) == ( 0 ) );

    /* The expected return code is 0, so the summary is always compared. */
    res = x509parse_crl_info( (char *) output, sizeof( output ), "", &crl );

    fct_chk( res != -1 );
    fct_chk( res != -2 );

    fct_chk( strcmp( (char *) output, "CRL version : 1\nissuer name : CN=ABCD\nthis update : 2009-01-01 00:00:00\nnext update : 0000-00-00 00:00:00\nRevoked certificates:\nsigned using : RSA+SHA224\n" ) == 0 );

    x509_crl_free( &crl );
}
FCT_TEST_END();
5160 
5161 
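FCT_TEST_BGN(x509_key_asn1_incorrect_first_tag)
{
    /*
     * Negative case: the hex string is empty, so data_len is 0 and
     * x509parse_key() (called with NULL, 0 as its last two arguments) must
     * return the exact code below.
     */
    rsa_context rsa;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len;

    memset( &rsa, 0, sizeof( rsa_context ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "" );

    fct_chk( x509parse_key( &rsa, buf, data_len, NULL, 0 ) == ( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
    /*
     * Guard restored: the listing skips source line 5176 here; the sibling
     * test whose guard survived only runs this block when the expected
     * return code is 0.
     */
    if( ( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        fct_chk( 1 );
    }

    rsa_free( &rsa );
}
FCT_TEST_END();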
5184 
5185 
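FCT_TEST_BGN(x509_key_asn1_rsaprivatekey_incorrect_version_tag)
{
    /*
     * Negative case: the SEQUENCE holds a single 0x00 byte where the
     * version INTEGER tag is expected.  x509parse_key() must return the
     * exact code below.
     */
    rsa_context rsa;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len;

    memset( &rsa, 0, sizeof( rsa_context ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "300100" );

    fct_chk( x509parse_key( &rsa, buf, data_len, NULL, 0 ) == ( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) );
    /*
     * Guard restored: the listing skips source line 5200 here; the sibling
     * test whose guard survived only runs this block when the expected
     * return code is 0.
     */
    if( ( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) == 0 )
    {
        fct_chk( 1 );
    }

    rsa_free( &rsa );
}
FCT_TEST_END();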
5208 
5209 
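FCT_TEST_BGN(x509_key_asn1_rsaprivatekey_version_tag_missing)
{
    /*
     * Negative case: the SEQUENCE has length 0, so there is no version
     * field to read.  x509parse_key() must return the exact code below.
     */
    rsa_context rsa;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len;

    memset( &rsa, 0, sizeof( rsa_context ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "3000" );

    fct_chk( x509parse_key( &rsa, buf, data_len, NULL, 0 ) == ( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) );
    /*
     * Guard restored: the listing skips source line 5224 here; the sibling
     * test whose guard survived only runs this block when the expected
     * return code is 0.
     */
    if( ( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ) == 0 )
    {
        fct_chk( 1 );
    }

    rsa_free( &rsa );
}
FCT_TEST_END();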
5232 
5233 
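FCT_TEST_BGN(x509_key_asn1_rsaprivatekey_invalid_version)
{
    /*
     * Negative case: the version INTEGER holds 1 (the sibling inputs use
     * 0).  x509parse_key() must refuse it with the exact code below.
     */
    rsa_context rsa;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len;

    memset( &rsa, 0, sizeof( rsa_context ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "3003020101" );

    fct_chk( x509parse_key( &rsa, buf, data_len, NULL, 0 ) == ( POLARSSL_ERR_X509_KEY_INVALID_VERSION ) );
    /*
     * Guard restored: the listing skips source line 5248 here; the sibling
     * test whose guard survived only runs this block when the expected
     * return code is 0.
     */
    if( ( POLARSSL_ERR_X509_KEY_INVALID_VERSION ) == 0 )
    {
        fct_chk( 1 );
    }

    rsa_free( &rsa );
}
FCT_TEST_END();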
5256 
5257 
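FCT_TEST_BGN(x509_key_asn1_rsaprivatekey_correct_version_incorrect_tag)
{
    /*
     * Negative case: version 0 is followed by a 0x00 byte where the next
     * INTEGER tag is expected.  x509parse_key() must return the exact code
     * below.
     */
    rsa_context rsa;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len;

    memset( &rsa, 0, sizeof( rsa_context ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "300402010000" );

    fct_chk( x509parse_key( &rsa, buf, data_len, NULL, 0 ) == ( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) );
    /*
     * Guard restored: the listing skips source line 5272 here; the sibling
     * test whose guard survived only runs this block when the expected
     * return code is 0.
     */
    if( ( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) == 0 )
    {
        fct_chk( 1 );
    }

    rsa_free( &rsa );
}
FCT_TEST_END();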
5280 
5281 
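FCT_TEST_BGN(x509_key_asn1_rsaprivatekey_values_present_length_mismatch)
{
    /*
     * Negative case: all INTEGER fields are present, followed by one extra
     * 0x00 byte inside the SEQUENCE.  x509parse_key() must report the
     * length mismatch with the exact code below rather than ignore the
     * trailing byte.
     */
    rsa_context rsa;
    unsigned char buf[2000];
    unsigned char output[2000];
    int data_len;

    memset( &rsa, 0, sizeof( rsa_context ) );
    memset( buf, 0, 2000 );
    memset( output, 0, 2000 );

    data_len = unhexify( buf, "301c02010002010102010102010102010102010102010102010102010100" );

    fct_chk( x509parse_key( &rsa, buf, data_len, NULL, 0 ) == ( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ) );
    /*
     * Guard restored: the listing skips source line 5296 here; the sibling
     * test whose guard survived only runs this block when the expected
     * return code is 0.
     */
    if( ( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ) == 0 )
    {
        fct_chk( 1 );
    }

    rsa_free( &rsa );
}
FCT_TEST_END();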
5304 
5305 
FCT_TEST_BGN(x509_key_asn1_rsaprivatekey_values_present_check_privkey_fails)
{
    /*
     * Negative case: the structure is well formed (version 0 followed by
     * eight INTEGERs that are all 1), so the failure has to come from the
     * key consistency check.  x509parse_key() must return
     * POLARSSL_ERR_RSA_KEY_CHECK_FAILED rather than hand back a key built
     * from these values.
     */
    unsigned char output[2000];
    unsigned char buf[2000];
    rsa_context rsa;
    int data_len;

    memset( output, 0, sizeof( output ) );
    memset( buf, 0, sizeof( buf ) );
    memset( &rsa, 0, sizeof( rsa ) );

    data_len = unhexify( buf, "301b020100020101020101020101020101020101020101020101020101" );

    fct_chk( x509parse_key( &rsa, buf, data_len, NULL, 0 ) == ( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ) );

    /* The follow-up check only runs when the expected code is 0. */
    if( ( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ) == 0 )
    {
        fct_chk( 1 );
    }

    rsa_free( &rsa );
}
FCT_TEST_END();
5328 
5329  }
5330  FCT_SUITE_END();
5331 
5332 #endif /* POLARSSL_X509_PARSE_C */
5333 #endif /* POLARSSL_BIGNUM_C */
5334 
5335 }
5336 FCT_END();
5337