Test optional fields in authorityKeyId
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index d73476a..a46e47d 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -3313,6 +3313,18 @@
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId.crt.der":"5061A58FD407D9D782010CE5657F8C6346A713BE":"NL/PolarSSL/PolarSSL Test CA/":"3960EFDE5674DE1F7B761699CF8E5C024E209452":0
+X509 CRT parse Authority Key Id - Correct Authority Key ID (no keyid)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_no_keyid.crt.der":"":"NL/PolarSSL/PolarSSL Test CA/":"51C00146259B5DA6E11ECEB078D490A296BBE1ED":0
+
+X509 CRT parse Authority Key Id - Correct Authority Key ID (no issuer and serial)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_no_issuer_serial.crt.der":"5061A58FD407D9D782010CE5657F8C6346A713BE":"":"":0
+
+X509 CRT parse Authority Key Id - Correct Authority Key ID (empty)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_empty.crt.der":"":"":"":0
+
X509 CRT parse Authority Key Id - Wrong Length
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 89155e9..71ab32c 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1595,34 +1595,43 @@
if (ref_ret == 0) {
/* KeyId test */
- TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == MBEDTLS_ASN1_OCTET_STRING);
- TEST_ASSERT(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len) == 0);
- TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == keyId->len);
+ if (crt.authority_key_id.keyIdentifier.len > 0)
+ {
+ TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == MBEDTLS_ASN1_OCTET_STRING);
+ TEST_ASSERT(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len) == 0);
+ TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == keyId->len);
+ }
/* Issuer test */
- mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer;
+ if (crt.authority_key_id.authorityCertIssuer.buf.len > 0)
+ {
+ mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer;
- TEST_ASSERT(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san) == 0);
+ TEST_ASSERT(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san) == 0);
- pname = &san.san.directory_name;
+ pname = &san.san.directory_name;
- while (pname != NULL) {
- for (issuerCounter = 0; issuerCounter < pname->val.len; issuerCounter++) {
- result |=
- (authorityKeyId_issuer[bufferCounter++] != pname->val.p[issuerCounter]);
+ while (pname != NULL) {
+ for (issuerCounter = 0; issuerCounter < pname->val.len; issuerCounter++) {
+ result |=
+ (authorityKeyId_issuer[bufferCounter++] != pname->val.p[issuerCounter]);
+ }
+ bufferCounter++; /* Skipping the slash */
+ pname = pname->next;
}
- bufferCounter++; /* Skipping the slash */
- pname = pname->next;
+ mbedtls_x509_free_subject_alt_name(&san);
+ TEST_ASSERT(result == 0);
}
- mbedtls_x509_free_subject_alt_name(&san);
- TEST_ASSERT(result == 0);
/* Serial test */
- TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag ==
- MBEDTLS_ASN1_INTEGER);
- TEST_ASSERT(memcmp(crt.authority_key_id.authorityCertSerialNumber.p,
- serial->x, serial->len) == 0);
- TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == serial->len);
+ if (crt.authority_key_id.authorityCertSerialNumber.len > 0)
+ {
+ TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag ==
+ MBEDTLS_ASN1_INTEGER);
+ TEST_ASSERT(memcmp(crt.authority_key_id.authorityCertSerialNumber.p,
+ serial->x, serial->len) == 0);
+ TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == serial->len);
+ }
} else {
TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == 0);
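Review bot: The three new guards in the `ref_ret == 0` branch test what the parser produced (`crt.authority_key_id.keyIdentifier.len > 0`, `authorityCertIssuer.buf.len > 0`, `authorityCertSerialNumber.len > 0`) rather than what the test case expects. If the parser wrongly drops a field that is present in the certificate, the guarded assertions are skipped and the case still passes. The `""` expectations in the new "no keyid", "no issuer and serial" and "empty" data cases are likewise never asserted. Gate on the expected input and assert absence otherwise, e.g. `if (keyId->len > 0) { ... } else { TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == 0); }`, with the same shape for `serial->len` and for the expected issuer string. Inside each block, move the length equality check above the `memcmp` so the comparison never covers more bytes than the parsed field holds; the enclosing test function starts and ends outside this hunk.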