Google Git
Sign in
pigweed / third_party / github / zephyrproject-rtos / zephyr / 398d90ff48572bb2eaea4b82c9484fab9020711f / . / tests / net / lib / tls_credentials / src / main.c
blob: e45704d08ce6a6756fc1302b1eea8c7120cb9118 [file] [log] [blame]
/*
* Copyright (c) 2018 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <zephyr/ztest.h>
#include "tls_internal.h"
static const char test_ca_cert[] = "Test CA certificate";
static const char test_server_cert[] = "Test server certificate";
static const char test_server_key[] = "Test server key";
static const int invalid_tag = CONFIG_TLS_MAX_CREDENTIALS_NUMBER + 1;
static const int unused_tag = CONFIG_TLS_MAX_CREDENTIALS_NUMBER;
static const int common_tag = CONFIG_TLS_MAX_CREDENTIALS_NUMBER - 1;
/**
* @brief Test test_credential_add function
*
* This test verifies the credential add operation.
*/
static void test_credential_add(void)
{
int ret, i;
for (i = 0; i < CONFIG_TLS_MAX_CREDENTIALS_NUMBER - 2; i++) {
ret = tls_credential_add(i, TLS_CREDENTIAL_CA_CERTIFICATE,
test_ca_cert, sizeof(test_ca_cert));
zassert_equal(ret, 0, "Failed to add credential %d %d", i);
}
/* Function should allow to add credentials of different types
* with the same tag
*/
ret = tls_credential_add(common_tag, TLS_CREDENTIAL_SERVER_CERTIFICATE,
test_server_cert, sizeof(test_server_cert));
zassert_equal(ret, 0, "Failed to add credential %d %d",
common_tag, TLS_CREDENTIAL_SERVER_CERTIFICATE);
ret = tls_credential_add(common_tag, TLS_CREDENTIAL_PRIVATE_KEY,
test_server_key, sizeof(test_server_key));
zassert_equal(ret, 0, "Failed to add credential %d %d",
common_tag, TLS_CREDENTIAL_PRIVATE_KEY);
/* Try to register another credential - should not have memory for that
*/
ret = tls_credential_add(unused_tag, TLS_CREDENTIAL_CA_CERTIFICATE,
test_ca_cert, sizeof(test_ca_cert));
zassert_equal(ret, -ENOMEM, "Should have failed with ENOMEM");
/* Try to re-register with already registered tag and type */
ret = tls_credential_add(common_tag, TLS_CREDENTIAL_PRIVATE_KEY,
test_server_key, sizeof(test_server_key));
zassert_equal(ret, -EEXIST, "Should have failed with EEXIST");
}
/**
* @brief Test test_credential_get function
*
* This test verifies the credential get operation.
*/
static void test_credential_get(void)
{
char cred[64];
size_t credlen;
int ret;
/* Read existing credential */
(void)memset(cred, 0, sizeof(cred));
credlen = sizeof(cred);
ret = tls_credential_get(common_tag, TLS_CREDENTIAL_PRIVATE_KEY,
cred, &credlen);
zassert_equal(ret, 0, "Failed to read credential %d %d",
0, TLS_CREDENTIAL_CA_CERTIFICATE);
ret = strcmp(cred, test_server_key);
zassert_equal(ret, 0, "Invalid credential content");
zassert_equal(credlen, sizeof(test_server_key),
"Invalid credential length");
/* Try to read non-existing credentials */
credlen = sizeof(cred);
ret = tls_credential_get(invalid_tag, TLS_CREDENTIAL_PSK,
cred, &credlen);
zassert_equal(ret, -ENOENT, "Should have failed with ENOENT");
/* Try to read with too small buffer */
credlen = sizeof(test_server_cert) - 1;
ret = tls_credential_get(common_tag, TLS_CREDENTIAL_SERVER_CERTIFICATE,
cred, &credlen);
zassert_equal(ret, -EFBIG, "Should have failed with EFBIG");
}
/**
* @brief Test test_credential_internal_iterate function
*
* This test verifies the internal function for iterating over credentials.
*/
static void test_credential_internal_iterate(void)
{
struct tls_credential *cert, *key, *temp;
/* Non-existing credential should return NULL */
key = credential_next_get(invalid_tag, NULL);
zassert_is_null(key, "Should have return NULL for unknown credential");
/* Iterate over credentials with the same tag */
cert = credential_next_get(common_tag, NULL);
zassert_not_null(cert, "Should have find a credential");
key = credential_next_get(common_tag, cert);
zassert_not_null(key, "Should have find a credential");
if (cert->type == TLS_CREDENTIAL_PRIVATE_KEY) {
/* Function does not guarantee order of reads,
* so assume we could read key first
*/
temp = key;
key = cert;
cert = temp;
}
zassert_equal(cert->type, TLS_CREDENTIAL_SERVER_CERTIFICATE,
"Invalid type for cert");
zassert_equal(cert->tag, common_tag, "Invalid tag for cert");
zassert_equal(cert->len, sizeof(test_server_cert),
"Invalid cert length");
zassert_mem_equal(cert->buf, test_server_cert, sizeof(test_server_key),
"Invalid cert content");
zassert_equal(key->type, TLS_CREDENTIAL_PRIVATE_KEY,
"Invalid type for key");
zassert_equal(key->tag, common_tag, "Invalid tag for key");
zassert_equal(key->len, sizeof(test_server_key), "Invalid key length");
zassert_mem_equal(key->buf, test_server_key, sizeof(test_server_key),
"Invalid key content");
/* Iteration after getting last credential should return NULL */
key = credential_next_get(common_tag, key);
zassert_is_null(key, "Should have return NULL after last credential");
}
/**
* @brief Test test_credential_delete function
*
* This test verifies the credential delete operation.
*/
static void test_credential_delete(void)
{
int ret;
char cred[64];
size_t credlen = sizeof(cred);
/* Should fail if when trying to remove non-existing credential. */
ret = tls_credential_delete(invalid_tag, TLS_CREDENTIAL_CA_CERTIFICATE);
zassert_equal(ret, -ENOENT, "Should have failed with ENOENT");
/* Should remove existing credential. */
ret = tls_credential_delete(common_tag, TLS_CREDENTIAL_PRIVATE_KEY);
zassert_equal(ret, 0, "Failed to delete credential %d %d",
common_tag, TLS_CREDENTIAL_PRIVATE_KEY);
ret = tls_credential_get(common_tag, TLS_CREDENTIAL_PRIVATE_KEY,
cred, &credlen);
zassert_equal(ret, -ENOENT, "Should have failed with ENOENT");
}
ZTEST(tls_crecentials, test_tls_crecentials)
{
test_credential_add();
test_credential_get();
test_credential_internal_iterate();
test_credential_delete();
}
ZTEST_SUITE(tls_crecentials, NULL, NULL, NULL, NULL, NULL);