iPXE
x509_test.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 /** @file
27  *
28  * X.509 self-tests
29  *
30  */
31 
32 /* Forcibly enable assertions */
33 #undef NDEBUG
34 
35 #include <stdint.h>
36 #include <string.h>
37 #include <errno.h>
38 #include <ipxe/x509.h>
39 #include <ipxe/asn1.h>
40 #include <ipxe/sha256.h>
41 #include <ipxe/test.h>
42 
43 /** Fingerprint algorithm used for X.509 test certificates */
44 #define x509_test_algorithm sha256_algorithm
45 
46 /** An X.509 test certificate */
47 struct x509_test_certificate {
48  /** Data */
49  const void *data;
50  /** Length of data */
51  size_t len;
52  /** Fingerprint */
53  const void *fingerprint;
54 
55  /** Parsed certificate */
56  struct x509_certificate *cert;
57 };
58 
59 /** An X.509 test certificate chain */
60 struct x509_test_chain {
61  /** Test certificates */
62  struct x509_test_certificate **certs;
63  /** Number of certificates */
64  unsigned int count;
65 
66  /** Parsed certificate chain */
67  struct x509_chain *chain;
68 };
69 
70 /** Define inline certificate data */
71 #define DATA(...) { __VA_ARGS__ }
72 
73 /** Define inline fingerprint data */
74 #define FINGERPRINT(...) { __VA_ARGS__ }
75 
76 /** Define a test certificate */
77 #define CERTIFICATE( name, DATA, FINGERPRINT ) \
78  static const uint8_t name ## _data[] = DATA; \
79  static const uint8_t name ## _fingerprint[] = FINGERPRINT; \
80  static struct x509_test_certificate name = { \
81  .data = name ## _data, \
82  .len = sizeof ( name ## _data ), \
83  .fingerprint = name ## _fingerprint, \
84  }
85 
86 /** Define a test certificate chain */
87 #define CHAIN( name, ... ) \
88  static struct x509_test_certificate * name ## _certs[] = \
89  { __VA_ARGS__ }; \
90  static struct x509_test_chain name = { \
91  .certs = name ## _certs, \
92  .count = ( sizeof ( name ## _certs ) / \
93  sizeof ( name ## _certs[0] ) ), \
94  }
95 
96 /*
97  * subject iPXE self-test root CA
98  * issuer iPXE self-test root CA
99  */
100 CERTIFICATE ( root_crt,
101  DATA ( 0x30, 0x82, 0x02, 0xb3, 0x30, 0x82, 0x02, 0x1c, 0xa0, 0x03,
102  0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xc6, 0xb8, 0x9c, 0x58,
103  0xd2, 0xdc, 0xc9, 0x5d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
104  0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
105  0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
106  0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06,
107  0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62,
108  0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65,
109  0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
110  0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65,
111  0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
112  0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65,
113  0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f,
114  0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78,
115  0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06,
116  0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58, 0x45,
117  0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73, 0x74,
118  0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e,
119  0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
120  0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x39, 0x30,
121  0x38, 0x30, 0x38, 0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a,
122  0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
123  0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
124  0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
125  0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
126  0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
127  0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
128  0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
129  0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
130  0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
131  0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
132  0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d,
133  0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58,
134  0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73,
135  0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30,
136  0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
137  0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
138  0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xaa, 0x72,
139  0xb5, 0xc1, 0x73, 0xf4, 0x95, 0x76, 0xa4, 0x27, 0xab, 0x5e,
140  0xeb, 0x1d, 0x9d, 0xd0, 0x04, 0xb2, 0x93, 0x05, 0xc7, 0xfa,
141  0x75, 0x84, 0x66, 0xe6, 0x3a, 0x26, 0x1f, 0xbc, 0x2d, 0xfd,
142  0x8f, 0x59, 0x64, 0xac, 0xcf, 0x65, 0x9d, 0x82, 0x23, 0xc3,
143  0x72, 0x93, 0xf2, 0x40, 0x68, 0x32, 0xd1, 0xb8, 0xf1, 0x47,
144  0x61, 0x50, 0xea, 0xbc, 0xcc, 0x3c, 0x6b, 0x74, 0x7a, 0xec,
145  0x2b, 0x75, 0xa6, 0xc2, 0xa2, 0xb8, 0xbf, 0x23, 0x48, 0x97,
146  0xd5, 0xaf, 0x77, 0xc1, 0x92, 0x88, 0xd7, 0x38, 0xb7, 0x9e,
147  0xda, 0xee, 0x72, 0x04, 0xcb, 0x96, 0xe5, 0xdb, 0xfd, 0x9b,
148  0x5d, 0x99, 0x4e, 0x7a, 0x60, 0x23, 0x34, 0xa4, 0x8d, 0xd7,
149  0x6c, 0xe7, 0x5d, 0x93, 0x97, 0xe1, 0xab, 0x36, 0x2c, 0x24,
150  0x16, 0x92, 0x66, 0xf6, 0x6a, 0x14, 0x23, 0x1d, 0x18, 0xb9,
151  0x44, 0x24, 0x61, 0x6b, 0xd3, 0x75, 0x02, 0x03, 0x01, 0x00,
152  0x01, 0xa3, 0x23, 0x30, 0x21, 0x30, 0x0f, 0x06, 0x03, 0x55,
153  0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01,
154  0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
155  0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0d,
156  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
157  0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x94, 0x9e, 0xea,
158  0x17, 0x8d, 0x27, 0xa9, 0x17, 0xe5, 0xa9, 0x19, 0xbe, 0x82,
159  0x36, 0xbd, 0xac, 0x74, 0xf3, 0x6e, 0x75, 0x71, 0x30, 0x1c,
160  0x05, 0x80, 0x6d, 0x1a, 0x69, 0x37, 0x86, 0x9c, 0x77, 0x75,
161  0x29, 0xa1, 0xc6, 0xb7, 0x11, 0x0a, 0x63, 0x27, 0xee, 0xb1,
162  0xc8, 0x94, 0xa9, 0x2e, 0x56, 0x8f, 0xca, 0x9d, 0xbe, 0xf4,
163  0xdb, 0x63, 0x97, 0x68, 0x3b, 0x13, 0xf8, 0x6a, 0xa5, 0xd1,
164  0x3d, 0xed, 0xbb, 0x86, 0x9d, 0x42, 0xfc, 0x15, 0x0a, 0x04,
165  0xf8, 0x3c, 0x0e, 0xc4, 0x86, 0x05, 0x57, 0x56, 0x96, 0xf6,
166  0xc0, 0x18, 0x53, 0xb0, 0xc5, 0xf0, 0xca, 0x72, 0x77, 0x77,
167  0xc9, 0x8e, 0x90, 0xa5, 0x4b, 0xb6, 0x80, 0x4a, 0x4c, 0x34,
168  0x6f, 0xc9, 0xe8, 0x6f, 0xc2, 0x28, 0xdf, 0x93, 0xa9, 0xf5,
169  0x63, 0x18, 0xc0, 0xec, 0x9e, 0xd5, 0x19, 0x36, 0xc5, 0x94,
170  0x10, 0xd4, 0x72, 0xd2, 0xb8 ),
171  FINGERPRINT ( 0x71, 0x5d, 0x51, 0x37, 0x5e, 0x18, 0xb3, 0xbc,
172  0xbb, 0x30, 0x0e, 0x8f, 0x50, 0xc7, 0x55, 0xf5,
173  0x96, 0xe7, 0xa8, 0x6d, 0x63, 0x2d, 0x32, 0x38,
174  0xaf, 0x00, 0xc4, 0x1a, 0xfc, 0xd8, 0xac, 0xc3 ) );
175 
176 /*
177  * subject iPXE self-test intermediate CA
178  * issuer iPXE self-test root CA
179  */
180 CERTIFICATE ( intermediate_crt,
181  DATA ( 0x30, 0x82, 0x02, 0xb3, 0x30, 0x82, 0x02, 0x1c, 0xa0, 0x03,
182  0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
183  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
184  0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
185  0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
186  0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
187  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
188  0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
189  0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
190  0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
191  0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
192  0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
193  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
194  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
195  0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
196  0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
197  0x73, 0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41,
198  0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32,
199  0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x31,
200  0x34, 0x31, 0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33,
201  0x33, 0x5a, 0x30, 0x81, 0x90, 0x31, 0x0b, 0x30, 0x09, 0x06,
202  0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
203  0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
204  0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
205  0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
206  0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
207  0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
208  0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
209  0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
210  0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
211  0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x27,
212  0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1e, 0x69,
213  0x50, 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74,
214  0x65, 0x73, 0x74, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d,
215  0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x30,
216  0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
217  0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
218  0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc9, 0x3a,
219  0xee, 0xc6, 0x3c, 0xac, 0x4d, 0x81, 0xc6, 0x98, 0x5e, 0xe1,
220  0x48, 0x66, 0x1a, 0x1e, 0x60, 0x19, 0x41, 0xae, 0xca, 0x14,
221  0x97, 0xc8, 0x3a, 0x50, 0xb6, 0x48, 0xf5, 0x42, 0xac, 0x0f,
222  0xe1, 0xe3, 0x47, 0xf0, 0xbf, 0x7c, 0xd0, 0xee, 0x8f, 0xb7,
223  0xa6, 0x19, 0xad, 0xbb, 0xc5, 0x1b, 0x34, 0x38, 0xc8, 0xbd,
224  0x55, 0x84, 0x93, 0x72, 0xaf, 0x84, 0xfc, 0x9b, 0x97, 0x1d,
225  0xb5, 0x54, 0x24, 0xd6, 0x5d, 0xb7, 0x31, 0xf4, 0xbd, 0x3b,
226  0x40, 0x97, 0xc0, 0xa9, 0x5a, 0x2a, 0xcb, 0x6b, 0x98, 0x07,
227  0xdb, 0xb5, 0x9f, 0xe8, 0x31, 0x3f, 0x01, 0x46, 0x46, 0x70,
228  0x05, 0xa2, 0x0f, 0x8c, 0x7a, 0x61, 0xf3, 0xdf, 0xdb, 0xa1,
229  0x37, 0x2c, 0x88, 0x6a, 0x81, 0x21, 0x12, 0x4c, 0xf5, 0xcd,
230  0xaf, 0xc9, 0xd2, 0x36, 0x3d, 0x82, 0xd1, 0xca, 0x19, 0xaf,
231  0x4e, 0xae, 0x50, 0x71, 0x44, 0xbf, 0x02, 0x03, 0x01, 0x00,
232  0x01, 0xa3, 0x23, 0x30, 0x21, 0x30, 0x0f, 0x06, 0x03, 0x55,
233  0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01,
234  0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
235  0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0d,
236  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
237  0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x5d, 0x3c, 0xb3,
238  0x52, 0x19, 0xa6, 0x9e, 0x4a, 0x44, 0x98, 0xbf, 0x51, 0x20,
239  0x47, 0x0a, 0xf3, 0x26, 0x1a, 0xcc, 0x35, 0x2f, 0xc9, 0xed,
240  0xe0, 0x9d, 0x46, 0xeb, 0xbc, 0x7e, 0xc9, 0xb9, 0x1d, 0x76,
241  0xa4, 0x1d, 0xc2, 0xd9, 0x16, 0x29, 0x77, 0x01, 0x40, 0xdd,
242  0xe5, 0xcb, 0x28, 0x91, 0x3a, 0x0c, 0x13, 0x01, 0x1b, 0x72,
243  0x62, 0x45, 0x27, 0xfd, 0xd7, 0x00, 0x47, 0x36, 0x09, 0x1e,
244  0x7b, 0xd2, 0xcb, 0x95, 0x3d, 0x28, 0x82, 0xce, 0x83, 0x59,
245  0x32, 0xf9, 0xe6, 0xec, 0x89, 0xac, 0x88, 0x45, 0x22, 0x88,
246  0x6f, 0x5e, 0xa2, 0x79, 0x95, 0xba, 0xb9, 0xc9, 0xb6, 0x4c,
247  0x7c, 0xb4, 0x29, 0xa1, 0x02, 0xf5, 0xac, 0x5d, 0x8e, 0x52,
248  0xeb, 0xe8, 0xb1, 0x56, 0x49, 0xb3, 0x77, 0x62, 0x7d, 0x87,
249  0x4d, 0x17, 0xf2, 0x62, 0x83, 0x08, 0x59, 0x21, 0x60, 0x0d,
250  0x84, 0x8e, 0x5a, 0x84, 0xf6 ),
251  FINGERPRINT ( 0x88, 0x70, 0xbf, 0xf0, 0xd6, 0x09, 0x03, 0x3a,
252  0xe1, 0x80, 0xa7, 0xa5, 0x5c, 0x3e, 0xe1, 0x05,
253  0x38, 0x97, 0xde, 0xe1, 0xe9, 0x74, 0x55, 0xb1,
254  0x1e, 0x59, 0x69, 0x44, 0x42, 0x1b, 0xc8, 0xff ) );
255 
256 /*
257  * subject iPXE self-test leaf CA
258  * issuer iPXE self-test intermediate CA
259  */
260 CERTIFICATE ( leaf_crt,
261  DATA ( 0x30, 0x82, 0x02, 0xb6, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03,
262  0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
263  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
264  0x00, 0x30, 0x81, 0x90, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
265  0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
266  0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
267  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
268  0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
269  0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
270  0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
271  0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
272  0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
273  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
274  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x27, 0x30,
275  0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1e, 0x69, 0x50,
276  0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
277  0x73, 0x74, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65,
278  0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x30, 0x1e,
279  0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
280  0x30, 0x31, 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x31, 0x34, 0x31,
281  0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33, 0x33, 0x5a,
282  0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
283  0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
284  0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
285  0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
286  0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
287  0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
288  0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
289  0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
290  0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
291  0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
292  0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30, 0x1d,
293  0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50, 0x58,
294  0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73,
295  0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41, 0x30,
296  0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
297  0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
298  0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc3, 0x55,
299  0xad, 0xdf, 0x7b, 0xd1, 0x48, 0xc3, 0xd3, 0x02, 0x54, 0x6c,
300  0x92, 0x45, 0x22, 0x3d, 0x90, 0xd8, 0xc7, 0x13, 0xcd, 0xc1,
301  0x59, 0xc6, 0xe0, 0xad, 0x0e, 0xe6, 0xdb, 0x3b, 0xe8, 0x63,
302  0xea, 0x4e, 0xb6, 0xea, 0x50, 0xea, 0x6e, 0x33, 0x9d, 0x28,
303  0x25, 0x42, 0x49, 0xd0, 0xf0, 0xed, 0xc5, 0x5b, 0x6b, 0x4a,
304  0xe7, 0x45, 0xfa, 0xd3, 0x3f, 0xae, 0xde, 0x5a, 0x90, 0xab,
305  0xf1, 0x61, 0x2f, 0x40, 0x5e, 0xcf, 0x8b, 0x0b, 0x10, 0x59,
306  0xa9, 0xd0, 0x1e, 0x0f, 0x18, 0x6b, 0x92, 0xd8, 0x9f, 0x58,
307  0x10, 0x84, 0xb6, 0x15, 0xe8, 0x5b, 0xc4, 0xa0, 0x3e, 0x49,
308  0x8b, 0xea, 0xdd, 0xa9, 0x7e, 0x32, 0x26, 0x9a, 0x68, 0x44,
309  0xf0, 0x30, 0xca, 0x2a, 0xd6, 0x19, 0x7a, 0x80, 0xfd, 0xd7,
310  0xfc, 0xc7, 0x5d, 0xe7, 0x61, 0xd2, 0x3f, 0x1f, 0x2c, 0x40,
311  0x70, 0x7b, 0x34, 0xcb, 0x08, 0xa9, 0x02, 0x03, 0x01, 0x00,
312  0x01, 0xa3, 0x26, 0x30, 0x24, 0x30, 0x12, 0x06, 0x03, 0x55,
313  0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01,
314  0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55,
315  0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02,
316  0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
317  0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00,
318  0x40, 0xd2, 0x70, 0x02, 0x08, 0x19, 0xa0, 0xb8, 0x8d, 0x9d,
319  0x3d, 0x62, 0x41, 0x90, 0x2a, 0x36, 0x4a, 0x8b, 0x21, 0x42,
320  0x9a, 0xb4, 0xc5, 0xf8, 0x79, 0x17, 0xd7, 0x64, 0x4d, 0xbf,
321  0x8f, 0x6a, 0x04, 0x54, 0x7a, 0x0b, 0xd4, 0xb5, 0x0e, 0xab,
322  0xf7, 0xb7, 0x06, 0x2b, 0xf8, 0xde, 0x87, 0xb2, 0x37, 0x3b,
323  0x95, 0x01, 0xba, 0x9f, 0x8f, 0xec, 0x0a, 0x86, 0xca, 0x51,
324  0xb6, 0x25, 0x73, 0x2f, 0xa1, 0x66, 0xc8, 0x7a, 0x5e, 0x51,
325  0xbd, 0x49, 0xb5, 0x75, 0xda, 0xea, 0xe5, 0xeb, 0x5d, 0xe3,
326  0xb0, 0xad, 0x49, 0x9f, 0x8b, 0xfd, 0x89, 0xb3, 0xb7, 0xb2,
327  0x4c, 0x7d, 0x8a, 0x29, 0xb2, 0xbe, 0x04, 0xef, 0x9c, 0x73,
328  0x3c, 0xea, 0xa3, 0x9f, 0x07, 0x66, 0x5a, 0x2f, 0x38, 0xad,
329  0x1a, 0xeb, 0xe1, 0xb0, 0x62, 0x14, 0x55, 0xdc, 0x8c, 0x83,
330  0xbb, 0xc7, 0x13, 0x04, 0x41, 0x54, 0xf1, 0x45 ),
331  FINGERPRINT ( 0xca, 0xcf, 0xea, 0x98, 0x3d, 0x71, 0xb6, 0x9d,
332  0x4f, 0x5b, 0x84, 0x5e, 0xaa, 0x8e, 0xae, 0x63,
333  0x0e, 0xad, 0x52, 0xe8, 0xc7, 0x51, 0x81, 0x07,
334  0xd1, 0xa1, 0x66, 0xdb, 0xd5, 0x62, 0xe1, 0xe6 ) );
335 
336 /*
337  * subject iPXE self-test useless CA
338  * issuer iPXE self-test leaf CA
339  */
340 CERTIFICATE ( useless_crt,
341  DATA ( 0x30, 0x82, 0x02, 0xae, 0x30, 0x82, 0x02, 0x17, 0xa0, 0x03,
342  0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
343  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
344  0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
345  0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
346  0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
347  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
348  0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
349  0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
350  0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
351  0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
352  0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
353  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
354  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
355  0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
356  0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
357  0x73, 0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41,
358  0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32,
359  0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d, 0x31,
360  0x34, 0x31, 0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x31, 0x33,
361  0x34, 0x5a, 0x30, 0x81, 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06,
362  0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
363  0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
364  0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
365  0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
366  0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
367  0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
368  0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
369  0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
370  0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
371  0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22,
372  0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x69,
373  0x50, 0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74,
374  0x65, 0x73, 0x74, 0x20, 0x75, 0x73, 0x65, 0x6c, 0x65, 0x73,
375  0x73, 0x20, 0x43, 0x41, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06,
376  0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
377  0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
378  0x81, 0x81, 0x00, 0xbe, 0x7f, 0x5a, 0x07, 0x7c, 0x61, 0xc2,
379  0x3a, 0x7e, 0xe3, 0x94, 0xcb, 0xe9, 0xc3, 0x4c, 0x6f, 0x8d,
380  0x5c, 0x4a, 0xf0, 0xc2, 0x13, 0x54, 0x09, 0x39, 0xa8, 0xf9,
381  0xc2, 0xc3, 0xdd, 0xbe, 0x42, 0x99, 0xa6, 0xe1, 0x58, 0x0a,
382  0xd5, 0x89, 0x12, 0xa6, 0xd6, 0x4e, 0xfb, 0x6c, 0xe5, 0xab,
383  0xff, 0x40, 0x52, 0xcc, 0x1e, 0x63, 0x10, 0xd7, 0xfe, 0x49,
384  0xf3, 0x86, 0x29, 0x58, 0x6a, 0x90, 0xe4, 0xe2, 0x56, 0x85,
385  0x14, 0x7d, 0xa5, 0xf8, 0xe0, 0x7e, 0x96, 0x88, 0xd9, 0x23,
386  0xe5, 0x44, 0x72, 0xa9, 0x5a, 0xbb, 0x76, 0x6b, 0x59, 0x3e,
387  0x85, 0xd4, 0xe7, 0xb2, 0x31, 0x32, 0xea, 0x40, 0x1f, 0xce,
388  0xfb, 0xb1, 0x91, 0xee, 0x86, 0x91, 0x3e, 0xa4, 0x86, 0xa4,
389  0xe9, 0x74, 0xd7, 0x14, 0x8c, 0xb6, 0xb4, 0xc0, 0x08, 0xbb,
390  0xc8, 0x38, 0xc3, 0x96, 0x3d, 0x85, 0xcf, 0xef, 0x94, 0x52,
391  0x29, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x23, 0x30, 0x21,
392  0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
393  0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06,
394  0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03,
395  0x02, 0x02, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
396  0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81,
397  0x81, 0x00, 0x50, 0x59, 0xfb, 0x9d, 0x4d, 0xfe, 0x0e, 0x5b,
398  0xc4, 0x51, 0xe9, 0xe8, 0xa4, 0xf5, 0x2f, 0x32, 0x8b, 0x06,
399  0x78, 0xbe, 0xf1, 0x18, 0xc5, 0x6f, 0xd9, 0x20, 0xee, 0xb7,
400  0x51, 0x40, 0xaf, 0xf3, 0x3c, 0xe4, 0x74, 0x00, 0xa4, 0x63,
401  0x3b, 0x37, 0xe1, 0xef, 0x80, 0xdc, 0xd5, 0x90, 0xed, 0xba,
402  0x91, 0x86, 0x7f, 0x97, 0x5d, 0x3e, 0x8f, 0x29, 0xcc, 0x57,
403  0xee, 0x79, 0x15, 0x6b, 0xe3, 0xd1, 0x25, 0x14, 0x24, 0xdf,
404  0xbf, 0x38, 0xee, 0xe3, 0x8a, 0x88, 0x19, 0x0f, 0xc8, 0x10,
405  0xae, 0x27, 0x99, 0xa8, 0x35, 0x47, 0xc9, 0xfb, 0x92, 0x47,
406  0xa2, 0x36, 0x2a, 0x8c, 0x26, 0x12, 0xb1, 0x0d, 0x46, 0xe2,
407  0xdc, 0x33, 0x29, 0x0c, 0x32, 0xcf, 0x22, 0x49, 0xde, 0xc3,
408  0x55, 0x2a, 0xba, 0xdd, 0xe3, 0x98, 0xc0, 0xe4, 0x9a, 0xa2,
409  0xe5, 0x43, 0x04, 0x32, 0xd3, 0x50, 0x7d, 0x9c, 0x71, 0x23 ),
410  FINGERPRINT ( 0xda, 0xbf, 0xd3, 0x5e, 0x2e, 0x29, 0xa9, 0xfd,
411  0x4d, 0x40, 0xba, 0xb8, 0xdd, 0x66, 0x93, 0x4c,
412  0x10, 0xea, 0x5b, 0x07, 0xa6, 0xe2, 0x27, 0x63,
413  0x2e, 0xfe, 0x01, 0x63, 0x7c, 0xea, 0xc6, 0xd0 ) );
414 
415 /*
416  * subject boot.test.ipxe.org
417  * issuer iPXE self-test leaf CA
418  */
419 CERTIFICATE ( server_crt,
420  DATA ( 0x30, 0x82, 0x02, 0xd2, 0x30, 0x82, 0x02, 0x3b, 0xa0, 0x03,
421  0x02, 0x01, 0x02, 0x02, 0x01, 0x1e, 0x30, 0x0d, 0x06, 0x09,
422  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
423  0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
424  0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30,
425  0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61,
426  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69,
427  0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
428  0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
429  0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
430  0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73,
431  0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
432  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69,
433  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1f, 0x30,
434  0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x69, 0x50,
435  0x58, 0x45, 0x20, 0x73, 0x65, 0x6c, 0x66, 0x2d, 0x74, 0x65,
436  0x73, 0x74, 0x20, 0x6c, 0x65, 0x61, 0x66, 0x20, 0x43, 0x41,
437  0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x30, 0x35,
438  0x31, 0x33, 0x34, 0x35, 0x30, 0x35, 0x5a, 0x17, 0x0d, 0x31,
439  0x33, 0x30, 0x33, 0x30, 0x35, 0x31, 0x33, 0x34, 0x35, 0x30,
440  0x35, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06,
441  0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17,
442  0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43,
443  0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68,
444  0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
445  0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69,
446  0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
447  0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79,
448  0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31,
449  0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08,
450  0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1b,
451  0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x62,
452  0x6f, 0x6f, 0x74, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69,
453  0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x81, 0x9f,
454  0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
455  0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30,
456  0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xac, 0x7b, 0x54, 0xc1,
457  0x97, 0x4d, 0x56, 0xbd, 0xb2, 0x52, 0xb3, 0x5c, 0x1b, 0x28,
458  0xae, 0x91, 0x33, 0xf0, 0xc8, 0xc2, 0x3c, 0x7d, 0xe8, 0x95,
459  0x72, 0xaf, 0xfe, 0xa1, 0x68, 0xe1, 0xbd, 0xe2, 0x9d, 0x4c,
460  0xe8, 0x95, 0x56, 0x94, 0xce, 0x47, 0x57, 0x1b, 0xb1, 0x08,
461  0xa1, 0x5b, 0x02, 0x8f, 0x56, 0x75, 0x1e, 0x4f, 0xfd, 0xc5,
462  0x87, 0x5c, 0x1c, 0x3f, 0xab, 0x4f, 0xba, 0x25, 0x14, 0x6d,
463  0xe3, 0xa2, 0x47, 0x33, 0xd0, 0x78, 0x63, 0xcc, 0x11, 0x37,
464  0x08, 0x73, 0x25, 0x42, 0x20, 0xa9, 0x57, 0x29, 0xeb, 0x44,
465  0x80, 0x0d, 0xe6, 0x76, 0x4b, 0x02, 0x8b, 0x67, 0xb2, 0x99,
466  0xfe, 0xb3, 0x44, 0x62, 0xdf, 0x34, 0x0e, 0xf3, 0xe2, 0x17,
467  0x42, 0x8f, 0x36, 0x42, 0x5a, 0x1c, 0x03, 0x3e, 0x06, 0x0d,
468  0x5e, 0x08, 0x52, 0xd1, 0x06, 0xfb, 0xa9, 0xdb, 0x13, 0x15,
469  0x08, 0x6d, 0x03, 0x85, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
470  0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x11,
471  0x04, 0x43, 0x30, 0x41, 0x82, 0x12, 0x64, 0x65, 0x6d, 0x6f,
472  0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65,
473  0x2e, 0x6f, 0x72, 0x67, 0x82, 0x13, 0x2a, 0x2e, 0x61, 0x6c,
474  0x74, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78,
475  0x65, 0x2e, 0x6f, 0x72, 0x67, 0x87, 0x04, 0xc0, 0xa8, 0x00,
476  0x01, 0x87, 0x10, 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
477  0x00, 0x00, 0x00, 0x69, 0xff, 0xfe, 0x50, 0x58, 0x45, 0x30,
478  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
479  0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x63, 0x83,
480  0xf5, 0xde, 0xf7, 0x59, 0x81, 0xd3, 0x34, 0x61, 0xfd, 0x2c,
481  0x0c, 0xec, 0x1c, 0x25, 0xd2, 0x2c, 0xe8, 0x90, 0x4f, 0x34,
482  0x43, 0x2c, 0x86, 0x18, 0x9e, 0x66, 0x26, 0x0d, 0x02, 0x2a,
483  0xea, 0x28, 0xc6, 0xbb, 0x51, 0x02, 0xbe, 0x8f, 0x51, 0x50,
484  0xc7, 0x04, 0x49, 0x97, 0xb9, 0xd4, 0xa5, 0x74, 0x39, 0xaa,
485  0x22, 0xbb, 0x4e, 0x46, 0x57, 0x15, 0x0e, 0xcf, 0x64, 0x60,
486  0xc8, 0x13, 0xdf, 0x82, 0x09, 0x3b, 0x92, 0xf5, 0x69, 0x80,
487  0xd2, 0x5e, 0x53, 0x9d, 0x3a, 0xcd, 0x9e, 0x81, 0xa1, 0xbd,
488  0x5b, 0x66, 0x89, 0x4d, 0xf7, 0xa4, 0xd6, 0x92, 0xe4, 0xe1,
489  0x80, 0x87, 0xfa, 0xa5, 0x47, 0x25, 0x9c, 0x35, 0x77, 0xa5,
490  0x11, 0x1b, 0x48, 0x4c, 0x5e, 0x5e, 0x2f, 0xc7, 0xf8, 0x78,
491  0x4c, 0x36, 0x41, 0xfb, 0x91, 0x5d, 0xf6, 0x43, 0x99, 0x7c,
492  0xcd, 0x7f, 0x27, 0x4c, 0x75, 0xca ),
493  FINGERPRINT ( 0x82, 0xd3, 0xa0, 0x4c, 0x0d, 0x7d, 0x3c, 0xb1,
494  0x90, 0x63, 0xd8, 0xef, 0x1e, 0xd2, 0xdd, 0x10,
495  0xd5, 0x89, 0x40, 0x35, 0xb9, 0x5e, 0x98, 0x44,
496  0x30, 0xa2, 0x48, 0x9a, 0xb8, 0x2f, 0xcf, 0xe3 ) );
497 
498 /*
499  * subject not.a.ca.test.ipxe.org
500  * issuer boot.test.ipxe.org
501  */
502 CERTIFICATE ( not_ca_crt,
503  DATA ( 0x30, 0x82, 0x02, 0x7d, 0x30, 0x82, 0x01, 0xe6, 0x02, 0x01,
504  0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
505  0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x84, 0x31,
506  0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
507  0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
508  0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
509  0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30,
510  0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61,
511  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30,
512  0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65,
513  0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20,
514  0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,
515  0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
516  0x72, 0x67, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04,
517  0x03, 0x0c, 0x12, 0x62, 0x6f, 0x6f, 0x74, 0x2e, 0x74, 0x65,
518  0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72,
519  0x67, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32,
520  0x32, 0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d,
521  0x31, 0x33, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30, 0x30, 0x31,
522  0x33, 0x34, 0x5a, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09,
523  0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31,
524  0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e,
525  0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73,
526  0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
527  0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72,
528  0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
529  0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53,
530  0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64,
531  0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
532  0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31,
533  0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16,
534  0x6e, 0x6f, 0x74, 0x2e, 0x61, 0x2e, 0x63, 0x61, 0x2e, 0x74,
535  0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
536  0x72, 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a,
537  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,
538  0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81,
539  0x00, 0xc3, 0x5b, 0x6d, 0xb3, 0x8d, 0x74, 0x9c, 0x1d, 0xbd,
540  0x94, 0x41, 0xa2, 0x42, 0x96, 0x3c, 0x41, 0x82, 0xc0, 0xf1,
541  0x95, 0xbf, 0xc5, 0x34, 0x92, 0x92, 0xa3, 0xed, 0xed, 0x5c,
542  0x07, 0xaa, 0xb4, 0xc1, 0x66, 0xbb, 0xa6, 0xd1, 0xd9, 0x78,
543  0x93, 0xf1, 0x9c, 0x3e, 0x13, 0x3a, 0xee, 0x74, 0x31, 0xeb,
544  0x55, 0x86, 0xa5, 0x43, 0x8a, 0x5d, 0x0c, 0x2c, 0x0d, 0xfb,
545  0x91, 0x9e, 0x31, 0x22, 0xbe, 0x96, 0xb5, 0x0e, 0x44, 0xc8,
546  0x5b, 0x65, 0xb2, 0xf5, 0xec, 0x2a, 0x51, 0xed, 0x8f, 0x28,
547  0xd8, 0xb2, 0x4b, 0x45, 0x39, 0x31, 0x1f, 0x11, 0xb7, 0x12,
548  0xe3, 0xc6, 0xb2, 0xd2, 0x8d, 0x50, 0xd5, 0xf4, 0xd2, 0x71,
549  0x77, 0xc9, 0x4c, 0x67, 0xee, 0xf7, 0xdc, 0xdb, 0x68, 0xa6,
550  0xac, 0x33, 0xd4, 0xb2, 0x12, 0x61, 0x5c, 0xae, 0x4c, 0x2e,
551  0x26, 0xe8, 0xdf, 0x46, 0x3a, 0x05, 0xaf, 0xeb, 0x0d, 0x02,
552  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
553  0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03,
554  0x81, 0x81, 0x00, 0x90, 0x3e, 0x16, 0x27, 0x2f, 0x4e, 0x4b,
555  0x31, 0x0e, 0xae, 0x31, 0x9d, 0x64, 0x88, 0x9f, 0xce, 0xd8,
556  0x22, 0x51, 0x9d, 0xd9, 0x2b, 0xfe, 0xed, 0x75, 0xbe, 0xec,
557  0x5a, 0x73, 0xaf, 0x6c, 0xa5, 0x5e, 0xd1, 0x15, 0x9a, 0x08,
558  0xcf, 0x4d, 0x41, 0x78, 0x48, 0xb4, 0x29, 0xf1, 0xf7, 0x63,
559  0x9b, 0x11, 0x91, 0x16, 0x94, 0x55, 0xff, 0xeb, 0xe9, 0x6f,
560  0x0a, 0x34, 0x89, 0xed, 0xf2, 0xd1, 0x79, 0x91, 0x9d, 0xe5,
561  0x73, 0x48, 0x68, 0x7f, 0x9b, 0xf4, 0x94, 0x80, 0x29, 0xbb,
562  0x2f, 0xac, 0x6c, 0xf7, 0x6a, 0x43, 0xcc, 0x40, 0x34, 0x85,
563  0xc8, 0xa1, 0x6d, 0x16, 0x36, 0x65, 0x3f, 0x93, 0x60, 0xc1,
564  0x64, 0x33, 0x91, 0xa1, 0x8f, 0x86, 0x8c, 0xce, 0x14, 0x19,
565  0x72, 0x28, 0xef, 0x94, 0x3d, 0x09, 0xb8, 0x3b, 0x39, 0xe8,
566  0xd1, 0x66, 0x2b, 0x38, 0xb4, 0x46, 0x50, 0xf4, 0xcd, 0xc4,
567  0x9a ),
568  FINGERPRINT ( 0x37, 0x6b, 0xc2, 0x20, 0xa9, 0xbc, 0xe2, 0x83,
569  0x99, 0x60, 0x06, 0x2e, 0xaf, 0x94, 0xfe, 0xb0,
570  0x1a, 0x2c, 0x17, 0x47, 0x1e, 0xc0, 0xd1, 0x66,
571  0xb6, 0x76, 0xeb, 0x1c, 0x07, 0xae, 0x72, 0xf2 ) );
572 
573 /*
574  * subject bad.path.len.test.ipxe.org
575  * issuer iPXE self-test useless CA
576  */
577 CERTIFICATE ( bad_path_len_crt,
578  DATA ( 0x30, 0x82, 0x02, 0x88, 0x30, 0x82, 0x01, 0xf1, 0x02, 0x01,
579  0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
580  0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x8b, 0x31,
581  0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
582  0x47, 0x42, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
583  0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64,
584  0x67, 0x65, 0x73, 0x68, 0x69, 0x72, 0x65, 0x31, 0x12, 0x30,
585  0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x61,
586  0x6d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x31, 0x18, 0x30,
587  0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0f, 0x46, 0x65,
588  0x6e, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x20,
589  0x4c, 0x74, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,
590  0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70, 0x78, 0x65, 0x2e, 0x6f,
591  0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04,
592  0x03, 0x0c, 0x19, 0x69, 0x50, 0x58, 0x45, 0x20, 0x73, 0x65,
593  0x6c, 0x66, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x20, 0x75, 0x73,
594  0x65, 0x6c, 0x65, 0x73, 0x73, 0x20, 0x43, 0x41, 0x30, 0x1e,
595  0x17, 0x0d, 0x31, 0x32, 0x30, 0x33, 0x32, 0x32, 0x30, 0x30,
596  0x30, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d, 0x31, 0x33, 0x30,
597  0x33, 0x32, 0x32, 0x30, 0x30, 0x30, 0x31, 0x33, 0x34, 0x5a,
598  0x30, 0x81, 0x8c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
599  0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x17, 0x30, 0x15,
600  0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x43, 0x61, 0x6d,
601  0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x73, 0x68, 0x69, 0x72,
602  0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
603  0x0c, 0x09, 0x43, 0x61, 0x6d, 0x62, 0x72, 0x69, 0x64, 0x67,
604  0x65, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a,
605  0x0c, 0x0f, 0x46, 0x65, 0x6e, 0x20, 0x53, 0x79, 0x73, 0x74,
606  0x65, 0x6d, 0x73, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, 0x30,
607  0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x69, 0x70,
608  0x78, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x23, 0x30, 0x21,
609  0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1a, 0x62, 0x61, 0x64,
610  0x2e, 0x70, 0x61, 0x74, 0x68, 0x2e, 0x6c, 0x65, 0x6e, 0x2e,
611  0x74, 0x65, 0x73, 0x74, 0x2e, 0x69, 0x70, 0x78, 0x65, 0x2e,
612  0x6f, 0x72, 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09,
613  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
614  0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81,
615  0x81, 0x00, 0xed, 0xf1, 0xe3, 0xb2, 0x61, 0x68, 0xa0, 0xd5,
616  0x43, 0xfe, 0xad, 0xee, 0xfb, 0x8e, 0x2c, 0xf0, 0x44, 0xaf,
617  0x0a, 0x3c, 0x87, 0xc2, 0x56, 0x9b, 0x66, 0x15, 0xc6, 0xbc,
618  0x5b, 0x96, 0xef, 0xa1, 0x49, 0xd6, 0xe7, 0xeb, 0xb8, 0xf6,
619  0x3d, 0x62, 0xf5, 0x51, 0xfd, 0xb1, 0xa5, 0x4e, 0x92, 0x7c,
620  0x7a, 0x31, 0x1b, 0xb8, 0x21, 0x5c, 0xfe, 0x0b, 0x4e, 0x58,
621  0xd6, 0xd0, 0x8b, 0x81, 0x00, 0x4a, 0xf8, 0xf7, 0x2a, 0xc9,
622  0xea, 0xfa, 0x9c, 0xc9, 0x33, 0x0b, 0xc4, 0xce, 0x96, 0x4c,
623  0x30, 0x6e, 0xf0, 0x07, 0xfa, 0x1b, 0x94, 0x1f, 0xe3, 0x3b,
624  0xb2, 0x7d, 0x31, 0x1a, 0x37, 0x64, 0xe2, 0xc3, 0xf1, 0xe5,
625  0xb9, 0xcc, 0xd1, 0x02, 0xae, 0x16, 0x39, 0x9b, 0xfc, 0x55,
626  0xca, 0xdd, 0x33, 0x92, 0xe3, 0x12, 0x40, 0xc5, 0x32, 0x51,
627  0x62, 0xac, 0x3a, 0xc0, 0x17, 0x36, 0xd0, 0x27, 0x3d, 0xbb,
628  0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
629  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
630  0x03, 0x81, 0x81, 0x00, 0x07, 0x53, 0x2a, 0x80, 0xd6, 0x25,
631  0x10, 0x37, 0xce, 0x3b, 0x87, 0x87, 0xfc, 0xae, 0xe2, 0x2a,
632  0x28, 0x3f, 0xf7, 0xa6, 0x32, 0x5b, 0x06, 0xbd, 0x4f, 0x34,
633  0x6b, 0x47, 0x8a, 0x4b, 0x47, 0x51, 0xe8, 0x45, 0x69, 0xe3,
634  0xf3, 0xdf, 0xa4, 0x25, 0x8f, 0x34, 0xbe, 0xe5, 0x2c, 0xa4,
635  0x6c, 0x8c, 0x6e, 0x02, 0x74, 0x23, 0x43, 0x21, 0x4d, 0xe3,
636  0x75, 0x93, 0x8e, 0xa8, 0x2c, 0x54, 0xba, 0x35, 0xe7, 0xab,
637  0x44, 0xfa, 0x07, 0x7a, 0x18, 0xb4, 0xa7, 0xce, 0xfa, 0xa6,
638  0x74, 0x5a, 0x45, 0x2c, 0x6f, 0x86, 0x34, 0x8f, 0x4a, 0x09,
639  0xe0, 0xf3, 0x4f, 0x37, 0xbb, 0xa3, 0xa0, 0xcb, 0xad, 0x6b,
640  0xc1, 0x16, 0x06, 0xdf, 0x83, 0x98, 0xaf, 0xa8, 0xc3, 0xa0,
641  0x5f, 0x33, 0x09, 0x01, 0x12, 0xbd, 0xd3, 0x45, 0x9f, 0x5f,
642  0x96, 0x93, 0xe9, 0x69, 0xe9, 0xb1, 0x8a, 0xe4, 0x94, 0xce,
643  0xe4, 0x8d ),
644  FINGERPRINT ( 0xb6, 0x80, 0x84, 0xf1, 0x45, 0x55, 0x1f, 0xbc,
645  0x15, 0xa6, 0xd8, 0x4b, 0xf3, 0x19, 0x65, 0xef,
646  0x53, 0x5a, 0xc8, 0x99, 0xe5, 0xdf, 0x79, 0x07,
647  0x00, 0x2c, 0x9f, 0x49, 0x91, 0x21, 0xeb, 0xfc ) );
648 
649 /** Valid certificate chain up to boot.test.ipxe.org */
650 CHAIN ( server_chain, &server_crt, &leaf_crt, &intermediate_crt, &root_crt );
651 
652 /** Broken certificate chain up to boot.test.ipxe.org */
653 CHAIN ( broken_server_chain, &server_crt, &leaf_crt, &root_crt );
654 
655 /** Incomplete certificate chain up to boot.test.ipxe.org */
656 CHAIN ( incomplete_server_chain, &server_crt, &leaf_crt, &intermediate_crt );
657 
658 /** Non-functional certificate chain up to not_ca.test.ipxe.org */
659 CHAIN ( not_ca_chain,
660  &not_ca_crt, &server_crt, &leaf_crt, &intermediate_crt, &root_crt );
661 
662 /** Valid certificate chain up to iPXE self-test useless CA */
663 CHAIN ( useless_chain, &useless_crt, &leaf_crt, &intermediate_crt, &root_crt );
664 
665 /** Non-functional certificate chain up to bad.path.len.test.ipxe.org */
666 CHAIN ( bad_path_len_chain, &bad_path_len_crt, &useless_crt, &leaf_crt,
667  &intermediate_crt, &root_crt );
668 
669 /** Empty certificate store */
670 static struct x509_chain empty_store = {
671  .refcnt = REF_INIT ( ref_no_free ),
672  .links = LIST_HEAD_INIT ( empty_store.links ),
673 };
674 
675 /** Root certificate list containing the iPXE self-test root CA */
676 static struct x509_root test_root = {
677  .refcnt = REF_INIT ( ref_no_free ),
678  .digest = &x509_test_algorithm,
679  .count = 1,
680  .fingerprints = root_crt_fingerprint,
681 };
682 
683 /** Root certificate list containing the iPXE self-test intermediate CA */
684 static struct x509_root intermediate_root = {
685  .refcnt = REF_INIT ( ref_no_free ),
686  .digest = &x509_test_algorithm,
687  .count = 1,
688  .fingerprints = intermediate_crt_fingerprint,
689 };
690 
691 /** Dummy fingerprint (not matching any certificates) */
692 static uint8_t dummy_fingerprint[] =
693  FINGERPRINT ( 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
694  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
695  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
696  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff );
697 
698 /** Certificate store containing a dummy fingerprint */
699 static struct x509_root dummy_root = {
700  .refcnt = REF_INIT ( ref_no_free ),
701  .digest = &x509_test_algorithm,
702  .count = 1,
703  .fingerprints = dummy_fingerprint,
704 };
705 
706 /** Time at which all test certificates are valid */
707 static time_t test_time = 1332374737ULL; /* Thu Mar 22 00:05:37 2012 */
708 
709 /** Time at which end-entity test certificates are invalid */
710 static time_t test_expired = 1375573111ULL; /* Sat Aug 3 23:38:31 2013 */
711 
712 /** Time at which CA test certificates are invalid */
713 static time_t test_ca_expired = 2205014905ULL; /* Wed Nov 16 00:08:25 2039 */
714 
715 /**
716  * Report certificate parsing test result
717  *
718  * @v crt Test certificate
719  * @v file Test code file
720  * @v line Test code line
721  */
722 static void x509_certificate_okx ( struct x509_test_certificate *crt,
723  const char *file, unsigned int line ) {
724 
725  okx ( x509_certificate ( crt->data, crt->len, &crt->cert ) == 0,
726  file, line );
727 }
728 #define x509_certificate_ok( crt ) \
729  x509_certificate_okx ( crt, __FILE__, __LINE__ )
730 
731 /**
732  * Report cached certificate parsing test result
733  *
734  * @v crt Test certificate
735  * @v file Test code file
736  * @v line Test code line
737  */
738 static void x509_cached_okx ( struct x509_test_certificate *crt,
739  const char *file, unsigned int line ) {
740  struct x509_certificate *temp;
741 
742  okx ( x509_certificate ( crt->data, crt->len, &temp ) == 0,
743  file, line );
744  okx ( temp == crt->cert, file, line );
745  x509_put ( temp );
746 }
747 #define x509_cached_ok( crt ) x509_cached_okx ( crt, __FILE__, __LINE__ )
748 
749 /**
750  * Report certificate fingerprint test result
751  *
752  * @v crt Test certificate
753  * @v file Test code file
754  * @v line Test code line
755  */
756 static void x509_fingerprint_okx ( struct x509_test_certificate *crt,
757  const char *file, unsigned int line ) {
758  uint8_t fingerprint[ x509_test_algorithm.digestsize ];
759 
760  x509_fingerprint ( crt->cert, &x509_test_algorithm, fingerprint );
761  okx ( memcmp ( fingerprint, crt->fingerprint,
762  sizeof ( fingerprint ) ) == 0, file, line );
763 }
764 #define x509_fingerprint_ok( crt ) \
765  x509_fingerprint_okx ( crt, __FILE__, __LINE__ )
766 
767 /**
768  * Report certificate issuer validation test result
769  *
770  * @v crt Test certificate
771  * @v issuer Test issuer
772  * @v file Test code file
773  * @v line Test code line
774  */
775 static void x509_check_issuer_okx ( struct x509_test_certificate *crt,
776  struct x509_test_certificate *issuer,
777  const char *file, unsigned int line ) {
778 
779  okx ( x509_check_issuer ( crt->cert, issuer->cert ) == 0, file, line );
780 }
781 #define x509_check_issuer_ok( crt, issuer ) \
782  x509_check_issuer_okx ( crt, issuer, __FILE__, __LINE__ )
783 
784 /**
785  * Report certificate issuer validation failure test result
786  *
787  * @v crt Test certificate
788  * @v issuer Test issuer
789  * @v file Test code file
790  * @v line Test code line
791  */
792 static void x509_check_issuer_fail_okx ( struct x509_test_certificate *crt,
793  struct x509_test_certificate *issuer,
794  const char *file, unsigned int line ) {
795 
796  okx ( x509_check_issuer ( crt->cert, issuer->cert ) != 0,
797  file, line );
798 }
799 #define x509_check_issuer_fail_ok( crt, issuer ) \
800  x509_check_issuer_fail_okx ( crt, issuer, __FILE__, __LINE__ )
801 
802 /**
803  * Report certificate root validation test result
804  *
805  * @v crt Test certificate
806  * @v root Test root certificate store
807  * @v file Test code file
808  * @v line Test code line
809  */
810 static void x509_check_root_okx ( struct x509_test_certificate *crt,
811  struct x509_root *root, const char *file,
812  unsigned int line ) {
813 
814  okx ( x509_check_root ( crt->cert, root ) == 0, file, line );
815 }
816 #define x509_check_root_ok( crt, root ) \
817  x509_check_root_okx ( crt, root, __FILE__, __LINE__ )
818 
819 /**
820  * Report certificate root validation failure test result
821  *
822  * @v crt Test certificate
823  * @v root Test root certificate store
824  * @v file Test code file
825  * @v line Test code line
826  */
827 static void x509_check_root_fail_okx ( struct x509_test_certificate *crt,
828  struct x509_root *root,
829  const char *file, unsigned int line ) {
830 
831  okx ( x509_check_root ( crt->cert, root ) != 0, file, line );
832 }
833 #define x509_check_root_fail_ok( crt, root ) \
834  x509_check_root_fail_okx ( crt, root, __FILE__, __LINE__ )
835 
836 /**
837  * Report certificate time validation test result
838  *
839  * @v crt Test certificate
840  * @v time Test time
841  * @v file Test code file
842  * @v line Test code line
843  */
844 static void x509_check_time_okx ( struct x509_test_certificate *crt,
845  time_t time, const char *file,
846  unsigned int line ) {
847 
848  okx ( x509_check_time ( crt->cert, time ) == 0, file, line );
849 }
850 #define x509_check_time_ok( crt, time ) \
851  x509_check_time_okx ( crt, time, __FILE__, __LINE__ )
852 
853 /**
854  * Report certificate time validation failure test result
855  *
856  * @v crt Test certificate
857  * @v time Test time
858  * @v file Test code file
859  * @v line Test code line
860  */
861 static void x509_check_time_fail_okx ( struct x509_test_certificate *crt,
862  time_t time, const char *file,
863  unsigned int line ) {
864 
865  okx ( x509_check_time ( crt->cert, time ) != 0, file, line );
866 }
867 #define x509_check_time_fail_ok( crt, time ) \
868  x509_check_time_fail_okx ( crt, time, __FILE__, __LINE__ )
869 
870 /**
871  * Report certificate name validation test result
872  *
873  * @v crt Test certificate
874  * @v name Test name
875  * @v file Test code file
876  * @v line Test code line
877  */
878 static void x509_check_name_okx ( struct x509_test_certificate *crt,
879  const char *name, const char *file,
880  unsigned int line ) {
881 
882  okx ( x509_check_name ( crt->cert, name ) == 0, file, line );
883 }
884 #define x509_check_name_ok( crt, name ) \
885  x509_check_name_okx ( crt, name, __FILE__, __LINE__ )
886 
887 /**
888  * Report certificate name validation failure test result
889  *
890  * @v crt Test certificate
891  * @v name Test name
892  * @v file Test code file
893  * @v line Test code line
894  */
895 static void x509_check_name_fail_okx ( struct x509_test_certificate *crt,
896  const char *name, const char *file,
897  unsigned int line ) {
898 
899  okx ( x509_check_name ( crt->cert, name ) != 0, file, line );
900 }
901 #define x509_check_name_fail_ok( crt, name ) \
902  x509_check_name_fail_okx ( crt, name, __FILE__, __LINE__ )
903 
904 /**
905  * Report certificate chain parsing test result
906  *
907  * @v chn Test certificate chain
908  * @v file Test code file
909  * @v line Test code line
910  */
911 static void x509_chain_okx ( struct x509_test_chain *chn, const char *file,
912  unsigned int line ) {
913  unsigned int i;
914  struct x509_certificate *first;
915 
916  chn->chain = x509_alloc_chain();
917  okx ( chn->chain != NULL, file, line );
918  for ( i = 0 ; i < chn->count ; i++ ) {
919  okx ( x509_append ( chn->chain, chn->certs[i]->cert ) == 0,
920  file, line );
921  }
922  first = x509_first ( chn->chain );
923  okx ( first != NULL, file, line );
924  okx ( first->raw.len == chn->certs[0]->len, file, line );
925  okx ( memcmp ( first->raw.data, chn->certs[0]->data,
926  first->raw.len ) == 0, file, line );
927 }
928 #define x509_chain_ok( chn ) \
929  x509_chain_okx ( chn, __FILE__, __LINE__ )
930 
931 /**
932  * Report certificate chain validation test result
933  *
934  * @v chn Test certificate chain
935  * @v time Test certificate validation time
936  * @v store Test certificate store
937  * @v root Test root certificate list
938  * @v file Test code file
939  * @v line Test code line
940  */
941 static void x509_validate_chain_okx ( struct x509_test_chain *chn, time_t time,
942  struct x509_chain *store,
943  struct x509_root *root, const char *file,
944  unsigned int line ) {
945 
946  x509_invalidate_chain ( chn->chain );
947  okx ( x509_validate_chain ( chn->chain, time, store, root ) == 0,
948  file, line );
949  okx ( x509_is_valid ( chn->certs[0]->cert, root ),
950  file, line );
951  okx ( ! x509_is_valid ( chn->certs[0]->cert, &dummy_root ),
952  file, line );
953 }
954 #define x509_validate_chain_ok( chn, time, store, root ) \
955  x509_validate_chain_okx ( chn, time, store, root, __FILE__, __LINE__ )
956 
957 /**
958  * Report certificate chain validation failure test result
959  *
960  * @v chn Test certificate chain
961  * @v time Test certificate validation time
962  * @v store Test certificate store
963  * @v root Test root certificate list
964  * @v file Test code file
965  * @v line Test code line
966  */
967 static void x509_validate_chain_fail_okx ( struct x509_test_chain *chn,
968  time_t time,
969  struct x509_chain *store,
970  struct x509_root *root,
971  const char *file,
972  unsigned int line ) {
973 
974  x509_invalidate_chain ( chn->chain );
975  okx ( x509_validate_chain ( chn->chain, time, store, root ) != 0,
976  file, line );
977 }
978 #define x509_validate_chain_fail_ok( chn, time, store, root ) \
979  x509_validate_chain_fail_okx ( chn, time, store, root, \
980  __FILE__, __LINE__ )
981 
982 /**
983  * Perform X.509 self-tests
984  *
985  */
986 static void x509_test_exec ( void ) {
987  struct x509_link *link;
988 
989  /* Parse all certificates */
990  x509_certificate_ok ( &root_crt );
991  x509_certificate_ok ( &intermediate_crt );
992  x509_certificate_ok ( &leaf_crt );
993  x509_certificate_ok ( &useless_crt );
994  x509_certificate_ok ( &server_crt );
995  x509_certificate_ok ( &not_ca_crt );
996  x509_certificate_ok ( &bad_path_len_crt );
997 
998  /* Check cache functionality */
999  x509_cached_ok ( &root_crt );
1000  x509_cached_ok ( &intermediate_crt );
1001  x509_cached_ok ( &leaf_crt );
1002  x509_cached_ok ( &useless_crt );
1003  x509_cached_ok ( &server_crt );
1004  x509_cached_ok ( &not_ca_crt );
1005  x509_cached_ok ( &bad_path_len_crt );
1006 
1007  /* Check all certificate fingerprints */
1008  x509_fingerprint_ok ( &root_crt );
1009  x509_fingerprint_ok ( &intermediate_crt );
1010  x509_fingerprint_ok ( &leaf_crt );
1011  x509_fingerprint_ok ( &useless_crt );
1012  x509_fingerprint_ok ( &server_crt );
1013  x509_fingerprint_ok ( &not_ca_crt );
1014  x509_fingerprint_ok ( &bad_path_len_crt );
1015 
1016  /* Check pairwise issuing */
1017  x509_check_issuer_ok ( &intermediate_crt, &root_crt );
1018  x509_check_issuer_ok ( &leaf_crt, &intermediate_crt );
1019  x509_check_issuer_ok ( &useless_crt, &leaf_crt );
1020  x509_check_issuer_ok ( &server_crt, &leaf_crt );
1021  x509_check_issuer_fail_ok ( &not_ca_crt, &server_crt );
1022  x509_check_issuer_ok ( &bad_path_len_crt, &useless_crt );
1023 
1024  /* Check root certificate stores */
1025  x509_check_root_ok ( &root_crt, &test_root );
1026  x509_check_root_fail_ok ( &intermediate_crt, &test_root );
1027  x509_check_root_ok ( &intermediate_crt, &intermediate_root );
1028  x509_check_root_fail_ok ( &root_crt, &intermediate_root );
1029  x509_check_root_fail_ok ( &root_crt, &dummy_root );
1030 
1031  /* Check certificate validity periods */
1032  x509_check_time_ok ( &server_crt, test_time );
1033  x509_check_time_fail_ok ( &server_crt, test_expired );
1034  x509_check_time_ok ( &root_crt, test_time );
1035  x509_check_time_ok ( &root_crt, test_expired );
1036  x509_check_time_fail_ok ( &root_crt, test_ca_expired );
1037 
1038  /* Check certificate names */
1039  x509_check_name_ok ( &server_crt, "boot.test.ipxe.org" );
1040  x509_check_name_ok ( &server_crt, "demo.test.ipxe.org" );
1041  x509_check_name_ok ( &server_crt, "demo.test.iPXE.org" );
1042  x509_check_name_fail_ok ( &server_crt, "incorrect.test.ipxe.org" );
1043  x509_check_name_ok ( &server_crt, "anything.alt.test.ipxe.org" );
1044  x509_check_name_ok ( &server_crt, "wildcard.alt.test.ipxe.org" );
1045  x509_check_name_fail_ok ( &server_crt, "sub.domain.alt.test.ipxe.org" );
1046  x509_check_name_fail_ok ( &server_crt, "alt.test.ipxe.org" );
1047  x509_check_name_fail_ok ( &server_crt, "test.ipxe.org" );
1048  x509_check_name_fail_ok ( &server_crt, "ipxe.org" );
1049  x509_check_name_fail_ok ( &server_crt, "org" );
1050  x509_check_name_fail_ok ( &server_crt, "" );
1051  x509_check_name_ok ( &server_crt, "192.168.0.1" );
1052  x509_check_name_fail_ok ( &server_crt, "192.168.0.2" );
1053  x509_check_name_ok ( &server_crt, "fe80::69ff:fe50:5845" );
1054  x509_check_name_ok ( &server_crt, "FE80:0:0:0:0:69FF:FE50:5845" );
1055  x509_check_name_fail_ok ( &server_crt, "fe80::69ff:fe50:5846" );
1056 
1057  /* Parse all certificate chains */
1058  x509_chain_ok ( &server_chain );
1059  x509_chain_ok ( &broken_server_chain );
1060  x509_chain_ok ( &incomplete_server_chain );
1061  x509_chain_ok ( &not_ca_chain );
1062  x509_chain_ok ( &useless_chain );
1063  x509_chain_ok ( &bad_path_len_chain );
1064 
1065  /* Check certificate chains */
1066  x509_validate_chain_ok ( &server_chain, test_time,
1067  &empty_store, &test_root );
1068  x509_validate_chain_ok ( &server_chain, test_time,
1069  &empty_store, &intermediate_root );
1070  x509_validate_chain_fail_ok ( &server_chain, test_time,
1071  &empty_store, &dummy_root );
1072  x509_validate_chain_fail_ok ( &broken_server_chain, test_time,
1073  &empty_store, &test_root );
1074  x509_validate_chain_fail_ok ( &incomplete_server_chain, test_time,
1075  &empty_store, &test_root );
1076  x509_validate_chain_ok ( &incomplete_server_chain, test_time,
1077  &empty_store, &intermediate_root );
1078  x509_validate_chain_fail_ok ( &not_ca_chain, test_time,
1079  &empty_store, &test_root );
1080  x509_validate_chain_ok ( &useless_chain, test_time,
1081  &empty_store, &test_root );
1082  x509_validate_chain_fail_ok ( &bad_path_len_chain, test_time,
1083  &empty_store, &test_root );
1084 
1085  /* Check certificate chain expiry times */
1086  x509_validate_chain_fail_ok ( &server_chain, test_expired,
1087  &empty_store, &test_root );
1088  x509_validate_chain_ok ( &useless_chain, test_expired,
1089  &empty_store, &test_root );
1090  x509_validate_chain_fail_ok ( &useless_chain, test_ca_expired,
1091  &empty_store, &test_root );
1092 
1093  /* Check chain truncation */
1094  link = list_last_entry ( &server_chain.chain->links,
1095  struct x509_link, list );
1096  ok ( link->cert == root_crt.cert );
1097  link = list_prev_entry ( link, &server_chain.chain->links, list );
1098  ok ( link->cert == intermediate_crt.cert );
1099  x509_validate_chain_ok ( &server_chain, test_time,
1100  &empty_store, &test_root );
1101  x509_truncate ( server_chain.chain, link );
1102  x509_validate_chain_fail_ok ( &server_chain, test_time,
1103  &empty_store, &test_root );
1104 
1105  /* Check self-signedess */
1106  ok ( x509_is_self_signed ( root_crt.cert ) );
1107  ok ( ! x509_is_self_signed ( intermediate_crt.cert ) );
1108 
1109  /* Sanity check */
1110  assert ( list_empty ( &empty_store.links ) );
1111 
1112  /* Drop chain references */
1113  x509_chain_put ( bad_path_len_chain.chain );
1114  x509_chain_put ( useless_chain.chain );
1115  x509_chain_put ( not_ca_chain.chain );
1116  x509_chain_put ( incomplete_server_chain.chain );
1117  x509_chain_put ( broken_server_chain.chain );
1118  x509_chain_put ( server_chain.chain );
1119 
1120  /* Drop certificate references */
1121  x509_put ( bad_path_len_crt.cert );
1122  x509_put ( not_ca_crt.cert );
1123  x509_put ( server_crt.cert );
1124  x509_put ( useless_crt.cert );
1125  x509_put ( leaf_crt.cert );
1126  x509_put ( intermediate_crt.cert );
1127  x509_put ( root_crt.cert );
1128 }
1129 
1130 /** X.509 self-test */
1131 struct self_test x509_test __self_test = {
1132  .name = "x509",
1133  .exec = x509_test_exec,
1134 };
1135 
1136 /* Drag in algorithms required for tests */
1137 REQUIRING_SYMBOL ( x509_test );
1138 REQUIRE_OBJECT ( rsa );
1139 REQUIRE_OBJECT ( sha1 );
1140 REQUIRE_OBJECT ( sha256 );
1141 REQUIRE_OBJECT ( ipv4 );
1142 REQUIRE_OBJECT ( ipv6 );
test_ca_expired
static time_t test_ca_expired
Time at which CA test certificates are invalid.
Definition: x509_test.c:713
test_expired
static time_t test_expired
Time at which end-entity test certificates are invalid.
Definition: x509_test.c:710
x509_chain_put
static void x509_chain_put(struct x509_chain *chain)
Drop reference to X.509 certificate chain.
Definition: x509.h:299
x509_check_name_okx
static void x509_check_name_okx(struct x509_test_certificate *crt, const char *name, const char *file, unsigned int line)
Report certificate name validation test result.
Definition: x509_test.c:878
x509_check_issuer_ok
#define x509_check_issuer_ok(crt, issuer)
Definition: x509_test.c:781
name
const char * name
Definition: ath9k_hw.c:1984
intermediate_root
static struct x509_root intermediate_root
Root certificate list containing the iPXE self-test intermediate CA.
Definition: x509_test.c:684
x509_check_name_fail_okx
static void x509_check_name_fail_okx(struct x509_test_certificate *crt, const char *name, const char *file, unsigned int line)
Report certificate name validation failure test result.
Definition: x509_test.c:895
x509_check_root_okx
static void x509_check_root_okx(struct x509_test_certificate *crt, struct x509_root *root, const char *file, unsigned int line)
Report certificate root validation test result.
Definition: x509_test.c:810
x509_certificate_ok
#define x509_certificate_ok(crt)
Definition: x509_test.c:728
CERTIFICATE
#define CERTIFICATE(name, DATA, FINGERPRINT)
Define a test certificate.
Definition: x509_test.c:77
dummy_fingerprint
static uint8_t dummy_fingerprint[]
Dummy fingerprint (not matching any certificates)
Definition: x509_test.c:692
x509_test_certificate::len
size_t len
Length of data.
Definition: x509_test.c:51
x509_validate_chain_ok
#define x509_validate_chain_ok(chn, time, store, root)
Definition: x509_test.c:954
x509_test_certificate::cert
struct x509_certificate * cert
Parsed certificate.
Definition: x509_test.c:56
x509_check_root_ok
#define x509_check_root_ok(crt, root)
Definition: x509_test.c:816
root
struct stp_switch root
Root switch.
Definition: stp.h:26
x509_chain::links
struct list_head links
List of links.
Definition: x509.h:204
x509_root::refcnt
struct refcnt refcnt
Reference count.
Definition: x509.h:376
first
uint32_t first
First block in range.
Definition: pccrr.h:14
errno.h
Error codes.
__self_test
struct self_test x509_test __self_test
X.509 self-test.
Definition: x509_test.c:1131
x509_test_algorithm
#define x509_test_algorithm
Fingerprint algorithm used for X.509 test certificates.
Definition: x509_test.c:44
x509_check_name
int x509_check_name(struct x509_certificate *cert, const char *name)
Check X.509 certificate name.
Definition: x509.c:1561
x509_link::list
struct list_head list
List of links.
Definition: x509.h:172
x509_certificate::issuer
struct x509_issuer issuer
Issuer.
Definition: x509.h:240
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
x509_append
int x509_append(struct x509_chain *chain, struct x509_certificate *cert)
Append X.509 certificate to X.509 certificate chain.
Definition: x509.c:1635
x509_alloc_chain
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
Definition: x509.c:1612
test.h
Self-test infrastructure.
self_test::name
const char * name
Test set name.
Definition: test.h:17
x509_fingerprint_okx
static void x509_fingerprint_okx(struct x509_test_certificate *crt, const char *file, unsigned int line)
Report certificate fingerprint test result.
Definition: x509_test.c:756
x509_truncate
void x509_truncate(struct x509_chain *chain, struct x509_link *link)
Truncate X.509 certificate chain.
Definition: x509.c:1690
x509_is_valid
int x509_is_valid(struct x509_certificate *cert, struct x509_root *root)
Check if X.509 certificate is valid.
Definition: x509.c:1310
x509_test_chain::chain
struct x509_chain * chain
Parsed certificate chain.
Definition: x509_test.c:67
self_test
A self-test set.
Definition: test.h:15
list_last_entry
#define list_last_entry(list, type, member)
Get the container of the last entry in a list.
Definition: list.h:346
x509_validate_chain_fail_ok
#define x509_validate_chain_fail_ok(chn, time, store, root)
Definition: x509_test.c:978
x509_check_issuer_fail_ok
#define x509_check_issuer_fail_ok(crt, issuer)
Definition: x509_test.c:799
CHAIN
#define CHAIN(name,...)
Define a test certificate chain.
Definition: x509_test.c:87
list_empty
#define list_empty(list)
Test whether a list is empty.
Definition: list.h:136
x509_is_self_signed
static int x509_is_self_signed(struct x509_certificate *cert)
Check if X.509 certificate is self-signed.
Definition: x509.h:413
x509_chain
An X.509 certificate chain.
Definition: x509.h:200
x509_check_time_okx
static void x509_check_time_okx(struct x509_test_certificate *crt, time_t time, const char *file, unsigned int line)
Report certificate time validation test result.
Definition: x509_test.c:844
okx
#define okx(success, file, line)
Report test result.
Definition: test.h:44
x509_test_chain::count
unsigned int count
Number of certificates.
Definition: x509_test.c:64
assert
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
x509_check_issuer_fail_okx
static void x509_check_issuer_fail_okx(struct x509_test_certificate *crt, struct x509_test_certificate *issuer, const char *file, unsigned int line)
Report certificate issuer validation failure test result.
Definition: x509_test.c:792
asn1.h
ASN.1 encoding.
test_root
static struct x509_root test_root
Root certificate list containing the iPXE self-test root CA.
Definition: x509_test.c:676
dummy_root
static struct x509_root dummy_root
Certificate store containing a dummy fingerprint.
Definition: x509_test.c:699
link
u32 link
Link to next descriptor.
Definition: ar9003_mac.h:68
x509_chain_okx
static void x509_chain_okx(struct x509_test_chain *chn, const char *file, unsigned int line)
Report certificate chain parsing test result.
Definition: x509_test.c:911
x509_validate_chain
int x509_validate_chain(struct x509_chain *chain, time_t time, struct x509_chain *store, struct x509_root *root)
Validate X.509 certificate chain.
Definition: x509.c:1894
x509_check_root
int x509_check_root(struct x509_certificate *cert, struct x509_root *root)
Check X.509 root certificate.
Definition: x509.c:1252
x509_link
A link in an X.509 certificate chain.
Definition: x509.h:170
x509_certificate
An X.509 certificate.
Definition: x509.h:215
list_prev_entry
#define list_prev_entry(pos, head, member)
Get the container of the previous entry in a list.
Definition: list.h:373
x509_certificate_okx
static void x509_certificate_okx(struct x509_test_certificate *crt, const char *file, unsigned int line)
Report certificate parsing test result.
Definition: x509_test.c:722
x509_fingerprint_ok
#define x509_fingerprint_ok(crt)
Definition: x509_test.c:764
x509_test_exec
static void x509_test_exec(void)
Perform X.509 self-tests.
Definition: x509_test.c:986
uint8_t
unsigned char uint8_t
Definition: stdint.h:10
root_crt_fingerprint
static uint8_t root_crt_fingerprint[]
iPXE self-test root CA certificate
Definition: cms_test.c:1590
x509.h
X.509 certificates.
x509_cached_okx
static void x509_cached_okx(struct x509_test_certificate *crt, const char *file, unsigned int line)
Report cached certificate parsing test result.
Definition: x509_test.c:738
REQUIRE_OBJECT
REQUIRE_OBJECT(rsa)
x509_fingerprint
void x509_fingerprint(struct x509_certificate *cert, struct digest_algorithm *digest, void *fingerprint)
Calculate X.509 certificate fingerprint.
Definition: x509.c:1234
x509_check_name_fail_ok
#define x509_check_name_fail_ok(crt, name)
Definition: x509_test.c:901
x509_test_chain
An X.509 test certificate chain.
Definition: x509_test.c:60
DATA
#define DATA(...)
Define inline certificate data.
Definition: x509_test.c:71
x509_root
An X.509 root certificate list.
Definition: x509.h:374
x509_test_certificate::fingerprint
const void * fingerprint
Fingerprint.
Definition: x509_test.c:53
x509_test_chain::certs
struct x509_test_certificate ** certs
Test certificates.
Definition: x509_test.c:62
x509_put
static void x509_put(struct x509_certificate *cert)
Drop reference to X.509 certificate.
Definition: x509.h:277
x509_first
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
Definition: x509.h:310
FINGERPRINT
#define FINGERPRINT(...)
Define inline fingerprint data.
Definition: x509_test.c:74
x509_check_issuer
int x509_check_issuer(struct x509_certificate *cert, struct x509_certificate *issuer)
Check X.509 certificate against issuer certificate.
Definition: x509.c:1174
x509_check_time_ok
#define x509_check_time_ok(crt, time)
Definition: x509_test.c:850
x509_certificate::store
struct x509_link store
Link in certificate store.
Definition: x509.h:220
REF_INIT
#define REF_INIT(free_fn)
Initialise a static reference counter.
Definition: refcnt.h:77
x509_invalidate_chain
static void x509_invalidate_chain(struct x509_chain *chain)
Invalidate X.509 certificate chain.
Definition: x509.h:480
x509_check_root_fail_ok
#define x509_check_root_fail_ok(crt, root)
Definition: x509_test.c:833
x509_check_time_fail_ok
#define x509_check_time_fail_ok(crt, time)
Definition: x509_test.c:867
x509_check_issuer_okx
static void x509_check_issuer_okx(struct x509_test_certificate *crt, struct x509_test_certificate *issuer, const char *file, unsigned int line)
Report certificate issuer validation test result.
Definition: x509_test.c:775
x509_validate_chain_fail_okx
static void x509_validate_chain_fail_okx(struct x509_test_chain *chn, time_t time, struct x509_chain *store, struct x509_root *root, const char *file, unsigned int line)
Report certificate chain validation failure test result.
Definition: x509_test.c:967
LIST_HEAD_INIT
#define LIST_HEAD_INIT(list)
Initialise a static list head.
Definition: list.h:30
x509_validate_chain_okx
static void x509_validate_chain_okx(struct x509_test_chain *chn, time_t time, struct x509_chain *store, struct x509_root *root, const char *file, unsigned int line)
Report certificate chain validation test result.
Definition: x509_test.c:941
time_t
int64_t time_t
Seconds since the Epoch.
Definition: time.h:18
x509_cached_ok
#define x509_cached_ok(crt)
Definition: x509_test.c:747
REQUIRING_SYMBOL
REQUIRING_SYMBOL(x509_test)
test_time
static time_t test_time
Time at which all test certificates are valid.
Definition: x509_test.c:707
ok
#define ok(success)
Definition: test.h:46
x509_check_name_ok
#define x509_check_name_ok(crt, name)
Definition: x509_test.c:884
x509_check_time_fail_okx
static void x509_check_time_fail_okx(struct x509_test_certificate *crt, time_t time, const char *file, unsigned int line)
Report certificate time validation failure test result.
Definition: x509_test.c:861
memcmp
int memcmp(const void *first, const void *second, size_t len)
Compare memory regions.
Definition: string.c:114
sha256.h
SHA-256 algorithm.
empty_store
static struct x509_chain empty_store
Empty certificate store.
Definition: x509_test.c:670
ref_no_free
void ref_no_free(struct refcnt *refcnt __unused)
Do not free reference-counted object.
Definition: refcnt.c:101
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
string.h
String functions.
x509_check_time
int x509_check_time(struct x509_certificate *cert, time_t time)
Check X.509 certificate validity period.
Definition: x509.c:1284
x509_chain::refcnt
struct refcnt refcnt
Reference count.
Definition: x509.h:202
x509_test_certificate::data
const void * data
Data.
Definition: x509_test.c:49
x509_test_certificate
An X.509 test certificate.
Definition: x509_test.c:47
x509_check_root_fail_okx
static void x509_check_root_fail_okx(struct x509_test_certificate *crt, struct x509_root *root, const char *file, unsigned int line)
Report certificate root validation failure test result.
Definition: x509_test.c:827
x509_chain_ok
#define x509_chain_ok(chn)
Definition: x509_test.c:928
Generated by   doxygen 1.8.15