| /* |
| * Copyright (c) 2018 Nordic Semiconductor ASA |
| * |
| * SPDX-License-Identifier: Apache-2.0 |
| */ |
| |
| #include <zephyr/ztest.h> |
| |
| #include "tls_internal.h" |
| |
| static const char test_ca_cert[] = "Test CA certificate"; |
| static const char test_server_cert[] = "Test server certificate"; |
| static const char test_server_key[] = "Test server key"; |
| |
| static const int invalid_tag = CONFIG_TLS_MAX_CREDENTIALS_NUMBER + 1; |
| static const int unused_tag = CONFIG_TLS_MAX_CREDENTIALS_NUMBER; |
| static const int common_tag = CONFIG_TLS_MAX_CREDENTIALS_NUMBER - 1; |
| |
| /** |
| * @brief Test test_credential_add function |
| * |
| * This test verifies the credential add operation. |
| */ |
| static void test_credential_add(void) |
| { |
| int ret, i; |
| |
| for (i = 0; i < CONFIG_TLS_MAX_CREDENTIALS_NUMBER - 2; i++) { |
| ret = tls_credential_add(i, TLS_CREDENTIAL_CA_CERTIFICATE, |
| test_ca_cert, sizeof(test_ca_cert)); |
| zassert_equal(ret, 0, "Failed to add credential %d %d", i); |
| } |
| |
| /* Function should allow to add credentials of different types |
| * with the same tag |
| */ |
| ret = tls_credential_add(common_tag, TLS_CREDENTIAL_SERVER_CERTIFICATE, |
| test_server_cert, sizeof(test_server_cert)); |
| zassert_equal(ret, 0, "Failed to add credential %d %d", |
| common_tag, TLS_CREDENTIAL_SERVER_CERTIFICATE); |
| |
| ret = tls_credential_add(common_tag, TLS_CREDENTIAL_PRIVATE_KEY, |
| test_server_key, sizeof(test_server_key)); |
| zassert_equal(ret, 0, "Failed to add credential %d %d", |
| common_tag, TLS_CREDENTIAL_PRIVATE_KEY); |
| |
| /* Try to register another credential - should not have memory for that |
| */ |
| ret = tls_credential_add(unused_tag, TLS_CREDENTIAL_CA_CERTIFICATE, |
| test_ca_cert, sizeof(test_ca_cert)); |
| zassert_equal(ret, -ENOMEM, "Should have failed with ENOMEM"); |
| |
| /* Try to re-register with already registered tag and type */ |
| ret = tls_credential_add(common_tag, TLS_CREDENTIAL_PRIVATE_KEY, |
| test_server_key, sizeof(test_server_key)); |
| zassert_equal(ret, -EEXIST, "Should have failed with EEXIST"); |
| } |
| |
| /** |
| * @brief Test test_credential_get function |
| * |
| * This test verifies the credential get operation. |
| */ |
| static void test_credential_get(void) |
| { |
| char cred[64]; |
| size_t credlen; |
| int ret; |
| |
| /* Read existing credential */ |
| (void)memset(cred, 0, sizeof(cred)); |
| credlen = sizeof(cred); |
| ret = tls_credential_get(common_tag, TLS_CREDENTIAL_PRIVATE_KEY, |
| cred, &credlen); |
| zassert_equal(ret, 0, "Failed to read credential %d %d", |
| 0, TLS_CREDENTIAL_CA_CERTIFICATE); |
| ret = strcmp(cred, test_server_key); |
| zassert_equal(ret, 0, "Invalid credential content"); |
| zassert_equal(credlen, sizeof(test_server_key), |
| "Invalid credential length"); |
| |
| /* Try to read non-existing credentials */ |
| credlen = sizeof(cred); |
| ret = tls_credential_get(invalid_tag, TLS_CREDENTIAL_PSK, |
| cred, &credlen); |
| zassert_equal(ret, -ENOENT, "Should have failed with ENOENT"); |
| |
| /* Try to read with too small buffer */ |
| credlen = sizeof(test_server_cert) - 1; |
| ret = tls_credential_get(common_tag, TLS_CREDENTIAL_SERVER_CERTIFICATE, |
| cred, &credlen); |
| zassert_equal(ret, -EFBIG, "Should have failed with EFBIG"); |
| } |
| |
| /** |
| * @brief Test test_credential_internal_iterate function |
| * |
| * This test verifies the internal function for iterating over credentials. |
| */ |
| static void test_credential_internal_iterate(void) |
| { |
| struct tls_credential *cert, *key, *temp; |
| |
| /* Non-existing credential should return NULL */ |
| key = credential_next_get(invalid_tag, NULL); |
| zassert_is_null(key, "Should have return NULL for unknown credential"); |
| |
| /* Iterate over credentials with the same tag */ |
| cert = credential_next_get(common_tag, NULL); |
| zassert_not_null(cert, "Should have find a credential"); |
| |
| key = credential_next_get(common_tag, cert); |
| zassert_not_null(key, "Should have find a credential"); |
| |
| if (cert->type == TLS_CREDENTIAL_PRIVATE_KEY) { |
| /* Function does not guarantee order of reads, |
| * so assume we could read key first |
| */ |
| temp = key; |
| key = cert; |
| cert = temp; |
| } |
| |
| zassert_equal(cert->type, TLS_CREDENTIAL_SERVER_CERTIFICATE, |
| "Invalid type for cert"); |
| zassert_equal(cert->tag, common_tag, "Invalid tag for cert"); |
| zassert_equal(cert->len, sizeof(test_server_cert), |
| "Invalid cert length"); |
| zassert_mem_equal(cert->buf, test_server_cert, sizeof(test_server_key), |
| "Invalid cert content"); |
| |
| zassert_equal(key->type, TLS_CREDENTIAL_PRIVATE_KEY, |
| "Invalid type for key"); |
| zassert_equal(key->tag, common_tag, "Invalid tag for key"); |
| zassert_equal(key->len, sizeof(test_server_key), "Invalid key length"); |
| zassert_mem_equal(key->buf, test_server_key, sizeof(test_server_key), |
| "Invalid key content"); |
| |
| /* Iteration after getting last credential should return NULL */ |
| key = credential_next_get(common_tag, key); |
| zassert_is_null(key, "Should have return NULL after last credential"); |
| } |
| |
| /** |
| * @brief Test test_credential_delete function |
| * |
| * This test verifies the credential delete operation. |
| */ |
| static void test_credential_delete(void) |
| { |
| int ret; |
| char cred[64]; |
| size_t credlen = sizeof(cred); |
| |
| /* Should fail if when trying to remove non-existing credential. */ |
| ret = tls_credential_delete(invalid_tag, TLS_CREDENTIAL_CA_CERTIFICATE); |
| zassert_equal(ret, -ENOENT, "Should have failed with ENOENT"); |
| |
| /* Should remove existing credential. */ |
| ret = tls_credential_delete(common_tag, TLS_CREDENTIAL_PRIVATE_KEY); |
| zassert_equal(ret, 0, "Failed to delete credential %d %d", |
| common_tag, TLS_CREDENTIAL_PRIVATE_KEY); |
| |
| ret = tls_credential_get(common_tag, TLS_CREDENTIAL_PRIVATE_KEY, |
| cred, &credlen); |
| zassert_equal(ret, -ENOENT, "Should have failed with ENOENT"); |
| } |
| |
| ZTEST(tls_crecentials, test_tls_crecentials) |
| { |
| test_credential_add(); |
| test_credential_get(); |
| test_credential_internal_iterate(); |
| test_credential_delete(); |
| } |
| |
| ZTEST_SUITE(tls_crecentials, NULL, NULL, NULL, NULL, NULL); |