commit b29807413e3ab7a6725b4c8f525189267ec7627a
author Andrzej Kurek <andrzej.kurek@arm.com> Sun Feb 02 19:25:26 2020 -0500
committer Andrzej Kurek <andrzej.kurek@arm.com> Sun Feb 02 19:25:26 2020 -0500
tree 6ca29651bf3a9475c831251f2039ad1773355848
parent 2a1f178d7c6bb137bdcdf518e20b53ddd1b22fe3

Refactor certificates and keys in ssl handshake mock tests

Let the caller decide what certificates and keys are loaded (EC/RSA)
instead of loading both for the server, and an unspecified one 
for the client. Use only DER encoding.

tests/suites/test_suite_ssl.function

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 4fba1f1..c82bacc 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -629,9 +629,7 @@
 {
     mbedtls_x509_crt ca_cert;
     mbedtls_x509_crt cert;
-    mbedtls_x509_crt cert2;
     mbedtls_pk_context pkey;
-    mbedtls_pk_context pkey2;
 } mbedtls_endpoint_certificate;
 
 /*
@@ -654,7 +652,7 @@
  *
  * \retval  0 on success, otherwise error code.
  */
-int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep )
+int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
 {
     int i = 0;
     int ret = -1;
@@ -668,9 +666,7 @@
     cert = &( ep->cert );
     mbedtls_x509_crt_init( &( cert->ca_cert ) );
     mbedtls_x509_crt_init( &( cert->cert ) );
-    mbedtls_x509_crt_init( &( cert->cert2 ) );
     mbedtls_pk_init( &( cert->pkey ) );
-    mbedtls_pk_init( &( cert->pkey2 ) );
 
     /* Load the trusted CA */
 
@@ -694,58 +690,71 @@
 
     if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
     {
-        ret = mbedtls_x509_crt_parse( &( cert->cert ),
-                            (const unsigned char *) mbedtls_test_srv_crt_rsa,
-                            mbedtls_test_srv_crt_rsa_len );
-        TEST_ASSERT( ret == 0 );
+        if( pk_alg == MBEDTLS_PK_RSA )
+        {
+            ret = mbedtls_x509_crt_parse( &( cert->cert ),
+                    (const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
+                    mbedtls_test_srv_crt_rsa_sha256_der_len );
+            TEST_ASSERT( ret == 0 );
 
-        ret = mbedtls_pk_parse_key( &( cert->pkey ),
-                            (const unsigned char *) mbedtls_test_srv_key_rsa,
-                            mbedtls_test_srv_key_rsa_len, NULL, 0 );
-        TEST_ASSERT( ret == 0 );
+            ret = mbedtls_pk_parse_key( &( cert->pkey ),
+                            (const unsigned char*) mbedtls_test_srv_key_rsa_der,
+                            mbedtls_test_srv_key_rsa_der_len, NULL, 0 );
+            TEST_ASSERT( ret == 0 );
+        }
+        else
+        {
+            ret = mbedtls_x509_crt_parse( &( cert->cert ),
+                            (const unsigned char*) mbedtls_test_srv_crt_ec_der,
+                            mbedtls_test_srv_crt_ec_der_len );
+            TEST_ASSERT( ret == 0 );
 
-        ret = mbedtls_x509_crt_parse( &( cert->cert2 ),
-                            (const unsigned char *) mbedtls_test_srv_crt_ec,
-                            mbedtls_test_srv_crt_ec_len );
-        TEST_ASSERT( ret == 0 );
-
-        ret = mbedtls_pk_parse_key( &( cert->pkey2 ),
-                            (const unsigned char *) mbedtls_test_srv_key_ec,
-                            mbedtls_test_srv_key_ec_len, NULL, 0 );
-        TEST_ASSERT( ret == 0 );
+            ret = mbedtls_pk_parse_key( &( cert->pkey ),
+                            (const unsigned char*) mbedtls_test_srv_key_ec_der,
+                            mbedtls_test_srv_key_ec_der_len, NULL, 0 );
+            TEST_ASSERT( ret == 0 );
+        }
     }
     else
     {
-        ret = mbedtls_x509_crt_parse( &( cert->cert ),
-                            (const unsigned char *) mbedtls_test_cli_crt,
-                            mbedtls_test_cli_crt_len );
-        TEST_ASSERT( ret == 0 );
+        if( pk_alg == MBEDTLS_PK_RSA )
+        {
+            ret = mbedtls_x509_crt_parse( &( cert->cert ),
+                          (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
+                          mbedtls_test_cli_crt_rsa_der_len );
+            TEST_ASSERT( ret == 0 );
 
-        ret = mbedtls_pk_parse_key( &( cert->pkey ),
-                            (const unsigned char *) mbedtls_test_cli_key,
-                            mbedtls_test_cli_key_len, NULL, 0 );
-        TEST_ASSERT( ret == 0 );
+            ret = mbedtls_pk_parse_key( &( cert->pkey ),
+                          (const unsigned char *) mbedtls_test_cli_key_rsa_der,
+                          mbedtls_test_cli_key_rsa_der_len, NULL, 0 );
+            TEST_ASSERT( ret == 0 );
+        }
+        else
+        {
+            ret = mbedtls_x509_crt_parse( &( cert->cert ),
+                          (const unsigned char *) mbedtls_test_cli_crt_ec_der,
+                          mbedtls_test_cli_crt_ec_len );
+            TEST_ASSERT( ret == 0 );
+
+            ret = mbedtls_pk_parse_key( &( cert->pkey ),
+                          (const unsigned char *) mbedtls_test_cli_key_ec_der,
+                          mbedtls_test_cli_key_ec_der_len, NULL, 0 );
+            TEST_ASSERT( ret == 0 );
+        }
     }
 
     mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
 
-    ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ), &( cert->pkey ) );
+    ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
+                                     &( cert->pkey ) );
     TEST_ASSERT( ret == 0 );
 
-    if( ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
-        ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert2 ), &( cert->pkey2 ) );
-        TEST_ASSERT( ret == 0 );
-    }
-
 exit:
     if( ret != 0 )
     {
         mbedtls_x509_crt_free( &( cert->ca_cert ) );
         mbedtls_x509_crt_free( &( cert->cert ) );
-        mbedtls_x509_crt_free( &( cert->cert2 ) );
         mbedtls_pk_free( &( cert->pkey ) );
-        mbedtls_pk_free( &( cert->pkey2 ) );
     }
 
     return ret;
@@ -760,7 +769,7 @@
  *
  * \retval  0 on success, otherwise error code.
  */
-int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type )
+int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg )
 {
     int ret = -1;
 
@@ -801,7 +810,7 @@
                                         MBEDTLS_SSL_PRESET_DEFAULT );
     TEST_ASSERT( ret == 0 );
 
-    ret = mbedtls_endpoint_certificate_init( ep );
+    ret = mbedtls_endpoint_certificate_init( ep, pk_alg );
     TEST_ASSERT( ret == 0 );
 
 exit:
@@ -816,9 +825,7 @@
     mbedtls_endpoint_certificate *cert = &( ep->cert );
     mbedtls_x509_crt_free( &( cert->ca_cert ) );
     mbedtls_x509_crt_free( &( cert->cert ) );
-    mbedtls_x509_crt_free( &( cert->cert2 ) );
     mbedtls_pk_free( &( cert->pkey ) );
-    mbedtls_pk_free( &( cert->pkey2 ) );
 }
 
 /*
@@ -2916,20 +2923,20 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO */
 void mbedtls_endpoint_sanity( int endpoint_type )
 {
     enum { BUFFSIZE = 1024 };
     mbedtls_endpoint ep;
     int ret = -1;
 
-    ret = mbedtls_endpoint_init( NULL, endpoint_type );
+    ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA );
     TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
 
-    ret = mbedtls_endpoint_certificate_init( NULL );
+    ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
     TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
 
-    ret = mbedtls_endpoint_init( &ep, endpoint_type );
+    ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA );
     TEST_ASSERT( ret == 0 );
 
 exit:
@@ -2937,19 +2944,20 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */
 void move_handshake_to_state(int endpoint_type, int state, int need_pass)
 {
     enum { BUFFSIZE = 1024 };
     mbedtls_endpoint base_ep, second_ep;
     int ret = -1;
 
-    ret = mbedtls_endpoint_init( &base_ep, endpoint_type );
+    ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA );
     TEST_ASSERT( ret == 0 );
 
     ret = mbedtls_endpoint_init( &second_ep,
                             ( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
-                            MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER );
+                            MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
+                                 MBEDTLS_PK_RSA );
     TEST_ASSERT( ret == 0 );
 
     ret = mbedtls_mock_socket_connect( &(base_ep.socket),