Improve x509xrite_csr testing: extensions, version

2014-03-28 14:03:22 +01:00 · 2014-03-28 14:03:22 +01:00 · 6c1a73e061
commit 6c1a73e061
parent c5ce83a3b8
3 changed files with 46 additions and 6 deletions
--- a/tests/data_files/server1.v1.crt
+++ b/tests/data_files/server1.v1.crt
@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9DCCAdygAwIBAAIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+owIwADANBgkqhkiG9w0BAQUFAAOCAQEAoZVuVi7bIslKgMJhejSFXiO+ICMz1fmK
+b0tPN68mRYhI/gsjRT0cmX6GUNrg+U5mcBWhMwHgyvx1CARU4YToKZxcXGNL0DPd
+Z1hF8nCrJCZBQvNuWE7s0ufw92xz5ZfuKkVxi94RYR529F6gzgl4rpX8UQVu2ym/
+9pTlHKr4MKi9LNppyJMS89uRcb2FJFMdhAKbhNtbIjI9qGZ7x//0belAaWhq389u
+6XWFnZt35PU6Zz6YbAQ5pjZYsTaohuufgrpOlFPUuc4uR+RfGHIQ6id12lZaQC2m
+OFIBDcU0x1cFfPfMgVdBLf6klPt/v/tD77mwx0eztSp28NIf+ACw8A==
+-----END CERTIFICATE-----
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@ -44,4 +44,16 @@ x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":POLARSS

 Certificate write check Server1 SHA1
 depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:"data_files/server1.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:-1:"data_files/server1.crt"
+
+Certificate write check Server1 SHA1, key_usage
+depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt"
+
+Certificate write check Server1 SHA1, ns_cert_type
+depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt"
+
+Certificate write check Server1 SHA1, version 1
+depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:X509_CRT_VERSION_1:"data_files/server1.v1.crt"
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@ -62,7 +62,8 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
                     char *subject_name, char *issuer_key_file,
                     char *issuer_pwd, char *issuer_name,
                     char *serial_str, char *not_before, char *not_after,
-                     int md_type, char *cert_check_file )
+                     int md_type, int key_usage, int cert_type, int ver,
+                     char *cert_check_file )
 {
    pk_context subject_key, issuer_key;
    x509write_cert crt;
@ -86,7 +87,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
    TEST_ASSERT( mpi_read_string( &serial, 10, serial_str ) == 0 );

    x509write_crt_init( &crt );
-    x509write_crt_set_serial( &crt, &serial );
+    if( ver != -1 )
+        x509write_crt_set_version( &crt, ver );
+    TEST_ASSERT( x509write_crt_set_serial( &crt, &serial ) == 0 );
    TEST_ASSERT( x509write_crt_set_validity( &crt, not_before,
                                                   not_after ) == 0 );
    x509write_crt_set_md_alg( &crt, md_type );
@ -95,9 +98,16 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
    x509write_crt_set_subject_key( &crt, &subject_key );
    x509write_crt_set_issuer_key( &crt, &issuer_key );

-    TEST_ASSERT( x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 );
-    TEST_ASSERT( x509write_crt_set_subject_key_identifier( &crt ) == 0 );
-    TEST_ASSERT( x509write_crt_set_authority_key_identifier( &crt ) == 0 );
+    if( crt.version >= X509_CRT_VERSION_3 )
+    {
+        TEST_ASSERT( x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 );
+        TEST_ASSERT( x509write_crt_set_subject_key_identifier( &crt ) == 0 );
+        TEST_ASSERT( x509write_crt_set_authority_key_identifier( &crt ) == 0 );
+        if( key_usage != 0 )
+            TEST_ASSERT( x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
+        if( cert_type != 0 )
+            TEST_ASSERT( x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
+    }

    ret = x509write_crt_pem( &crt, buf, sizeof(buf),
                             rnd_pseudo_rand, &rnd_info );