author | Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> | 2017-05-23 11:29:29 +0200 |
---|---|---|
committer | Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> | 2017-08-08 11:00:46 +0200 |
commit | 6622fed5246fffee05e9e4a2a5c8b4174f474c21 (patch) | |
tree | bc85199c064921f72420f05020b62e49eb26a350 /tests/suites/test_suite_x509parse.function | |
parent | 9832ceaa2a85b4116df0d26352cac3bab1e13f84 (diff) | |
Add tests for profile enforcement
Now all checks related to profile are covered in:
- verify_with_profile()
- verify_child()
- verify_top()
(that's 10 lines that were previously not covered)
Leaving aside profile enforcement in CRLs for now, as the focus is on
preparing to refactor cert verification.
Diffstat (limited to 'tests/suites/test_suite_x509parse.function')
-rw-r--r-- | tests/suites/test_suite_x509parse.function | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 48bdee8..73727b5 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -28,6 +28,24 @@ const mbedtls_x509_crt_profile compat_profile =
 1024,
 };
 
+const mbedtls_x509_crt_profile profile_rsa3072 =
+{
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ),
+ 0,
+ 3072,
+};
+
+const mbedtls_x509_crt_profile profile_sha512 =
+{
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+ 0xFFFFFFF, /* Any PK alg */
+ 0xFFFFFFF, /* Any curve */
+ 1024,
+};
+
 int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
 {
 ((void) data);
@@ -569,6 +587,10 @@ void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca,
 profile = &mbedtls_x509_crt_profile_next;
 else if( strcmp(profile_name, "suiteb") == 0 )
 profile = &mbedtls_x509_crt_profile_suiteb;
+ else if( strcmp(profile_name, "rsa3072") == 0 )
+ profile = &profile_rsa3072;
+ else if( strcmp(profile_name, "sha512") == 0 )
+ profile = &profile_sha512;
 
 res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile,
 NULL, &flags, NULL, NULL ); |
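Review bot: The new `profile_rsa3072` and `profile_sha512` definitions have no comment saying what each one permits or that they exist only to force rejections in tests, and only two fields of `profile_sha512` are labelled. I would add `/* Test-only: SHA-256/384/512, RSA keys only, no EC curves, RSA >= 3072 bits */` above `profile_rsa3072` and `/* Test-only: SHA-512 signatures only, any key type or curve, RSA >= 1024 bits */` above `profile_sha512`. Two values deserve a word in those comments so they are not copied as policy: the literal `0xFFFFFFF` has seven hex digits and so sets 28 bits rather than 32, and the 1024-bit RSA floor in `profile_sha512` is deliberately permissive so that only the hash restriction bites.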
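Review bot: The `profile_name` chain in `mbedtls_x509_crt_verify_chain` still has no final `else` after the added `"rsa3072"` and `"sha512"` branches, so a misspelt profile name in the test data runs the verification with whatever `profile` held before the chain. Its initialisation is outside the hunk, as are the start and end of the function body. For cases meant to prove profile enforcement, that lets a test pass or fail for the wrong reason instead of reporting the bad name. I would close the chain with `else TEST_ASSERT( "Unknown profile name" == 0 );` so that an unrecognised name fails the case explicitly.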