Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId).
A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags.
Signed-off-by: toth92g <toth92g@gmail.com>
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 685b859..54bad3c 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -3165,3 +3165,39 @@
X509 ext types accessor: ext type not present
depends_on:MBEDTLS_X509_CRT_PARSE_C
x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
+
+X509 CRT parse Subject Key Id - Correct
+depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId.crt":"B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF":20:0
+
+X509 CRT parse Subject Key Id - Wrong
+depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt":"":0:0xff9e
+
+X509 CRT parse Authority Key Id - Correct
+depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId.crt":"B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF":20:"NL/PolarSSL/PolarSSL Test CA/":"0":1:0
+
+X509 CRT parse Authority Key Id - Wrong Sequence
+depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt":"":0:"":"0":0:0xff9e
+
+X509 CRT parse Authority Key Id - Wrong KeyId Tag
+depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt":"":0:"":"0":0:0xff9e
+
+X509 CRT parse Authority Key Id - Wrong Issuer Tag 1
+depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer1.crt":"":0:"":"0":0:0xff9e
+
+X509 CRT parse Authority Key Id - Wrong Issuer Tag 2
+depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer2.crt":"":0:"":"0":0:0xff9e
+
+X509 CRT parse Authority Key Id - Wrong Issuer Tag 3
+depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer3.crt":"":0:"":"0":0:0xff9e
+
+X509 CRT parse Authority Key Id - Wrong Issuer Tag 4
+depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt":"":0:"":"0":0:0xdc1e
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 177bc97..12b7818 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1472,3 +1472,95 @@
;;
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C */
+void mbedtls_x509_crt_parse_subjectkeyid(char *crt_path,
+ char *subjectKeyId,
+ int subjectKeyIdLength,
+ int retVal)
+{
+ mbedtls_x509_crt crt;
+ int i = 0;
+ int result = 0;
+
+ mbedtls_x509_crt_init(&crt);
+
+ TEST_ASSERT((mbedtls_x509_crt_parse_file(&crt, crt_path)& 0xFFFF) == retVal);
+
+ if (retVal != 0) {
+ while (i < subjectKeyIdLength) {
+ result |= crt.subject_key_id.p[i] != subjectKeyId[i*2];
+ result |= crt.subject_key_id.p[i+1] != subjectKeyId[i*2+1];
+ i++;
+ }
+
+ TEST_ASSERT(result == 0);
+ }
+
+exit:
+ mbedtls_x509_crt_free(&crt);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C */
+void mbedtls_x509_crt_parse_authoritykeyid(char *crt_path,
+ char *authorityKeyId_keyId,
+ int keyIdLength,
+ char *authorityKeyId_issuer,
+ char *authorityKeyId_serial,
+ int serialLength,
+ int retVal)
+{
+ mbedtls_x509_crt crt;
+ int i = 0;
+ int result = 0;
+ int bufferCounter = 0;
+ size_t issuerCounter = 0;
+
+ mbedtls_x509_crt_init(&crt);
+
+ TEST_ASSERT((mbedtls_x509_crt_parse_file(&crt, crt_path)& 0xFFFF) == retVal);
+
+ if (retVal != 0) {
+ /* KeyId test */
+ while (i < keyIdLength) {
+ result |= crt.authority_key_id.keyIdentifier.p[i] != authorityKeyId_keyId[i*2];
+ result |= crt.authority_key_id.keyIdentifier.p[i+1] != authorityKeyId_keyId[i*2+1];
+ i++;
+ }
+
+ /* Issuer test */
+ mbedtls_x509_name *issuerPtr = &crt.authority_key_id.authorityCertIssuer;
+ while (issuerPtr != NULL) {
+ for (issuerCounter = 0u; issuerCounter < issuerPtr->val.len; issuerCounter++) {
+ result |=
+ (authorityKeyId_issuer[bufferCounter++] != issuerPtr->val.p[issuerCounter]);
+ }
+ bufferCounter++; /* Skipping the slash */
+ issuerPtr = issuerPtr->next;
+ }
+
+ /* Serial test */
+ i = 0;
+ while (i < serialLength) {
+ result |= crt.authority_key_id.authorityCertSerialNumber.p[i] !=
+ authorityKeyId_serial[i*2];
+ result |= crt.authority_key_id.authorityCertSerialNumber.p[i+1] !=
+ authorityKeyId_serial[i*2+1];
+ i++;
+ }
+
+ TEST_ASSERT(result == 0);
+ }
+
+exit:
+ mbedtls_x509_crt_free(&crt);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */
+void x509_selftest()
+{
+ TEST_ASSERT(mbedtls_x509_self_test(1) == 0);
+}
+/* END_CASE */