diff --git a/tests/data_files/server1.v1.crt b/tests/data_files/server1.v1.crt new file mode 100644 index 000000000..0a4b2a5cc --- /dev/null +++ b/tests/data_files/server1.v1.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9DCCAdygAwIBAAIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +owIwADANBgkqhkiG9w0BAQUFAAOCAQEAoZVuVi7bIslKgMJhejSFXiO+ICMz1fmK +b0tPN68mRYhI/gsjRT0cmX6GUNrg+U5mcBWhMwHgyvx1CARU4YToKZxcXGNL0DPd +Z1hF8nCrJCZBQvNuWE7s0ufw92xz5ZfuKkVxi94RYR529F6gzgl4rpX8UQVu2ym/ +9pTlHKr4MKi9LNppyJMS89uRcb2FJFMdhAKbhNtbIjI9qGZ7x//0belAaWhq389u +6XWFnZt35PU6Zz6YbAQ5pjZYsTaohuufgrpOlFPUuc4uR+RfGHIQ6id12lZaQC2m +OFIBDcU0x1cFfPfMgVdBLf6klPt/v/tD77mwx0eztSp28NIf+ACw8A== +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index fdc72322d..04a24deb5 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -44,4 +44,16 @@ x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":POLARSS Certificate write check Server1 SHA1 depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:"data_files/server1.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:-1:"data_files/server1.crt" + +Certificate write check Server1 SHA1, key_usage +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt" + +Certificate write check Server1 SHA1, ns_cert_type +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt" + +Certificate write check Server1 SHA1, version 1 +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:X509_CRT_VERSION_1:"data_files/server1.v1.crt" diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index e2055192a..0cea5f949 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -62,7 +62,8 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, char *subject_name, char *issuer_key_file, char *issuer_pwd, char *issuer_name, char *serial_str, char *not_before, char *not_after, - int md_type, char *cert_check_file ) + int md_type, int key_usage, int cert_type, int ver, + char *cert_check_file ) { pk_context subject_key, issuer_key; x509write_cert crt; @@ -86,7 +87,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( mpi_read_string( &serial, 10, serial_str ) == 0 ); x509write_crt_init( &crt ); - x509write_crt_set_serial( &crt, &serial ); + if( ver != -1 ) + x509write_crt_set_version( &crt, ver ); + TEST_ASSERT( x509write_crt_set_serial( &crt, &serial ) == 0 ); TEST_ASSERT( x509write_crt_set_validity( &crt, not_before, not_after ) == 0 ); x509write_crt_set_md_alg( &crt, md_type ); @@ -95,9 +98,16 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, x509write_crt_set_subject_key( &crt, &subject_key ); x509write_crt_set_issuer_key( &crt, &issuer_key ); - TEST_ASSERT( x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 ); - TEST_ASSERT( x509write_crt_set_subject_key_identifier( &crt ) == 0 ); - TEST_ASSERT( x509write_crt_set_authority_key_identifier( &crt ) == 0 ); + if( crt.version >= X509_CRT_VERSION_3 ) + { + TEST_ASSERT( x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 ); + TEST_ASSERT( x509write_crt_set_subject_key_identifier( &crt ) == 0 ); + TEST_ASSERT( x509write_crt_set_authority_key_identifier( &crt ) == 0 ); + if( key_usage != 0 ) + TEST_ASSERT( x509write_crt_set_key_usage( &crt, key_usage ) == 0 ); + if( cert_type != 0 ) + TEST_ASSERT( x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 ); + } ret = x509write_crt_pem( &crt, buf, sizeof(buf), rnd_pseudo_rand, &rnd_info );