From c5ce83a3b8a9cf98c5e3e0b4d009839067a8f6d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 28 Mar 2014 12:46:44 +0100 Subject: [PATCH] Improve x509xrite_csr testing: extensions, ECDSA --- tests/data_files/server1.req.cert_type | 17 ++++++++++++ tests/data_files/server1.req.key_usage | 17 ++++++++++++ tests/data_files/server1.req.ku-ct | 17 ++++++++++++ tests/data_files/server5.req.ku.sha1 | 8 ++++++ tests/suites/test_suite_x509write.data | 30 +++++++++++++++++----- tests/suites/test_suite_x509write.function | 8 ++++-- 6 files changed, 88 insertions(+), 9 deletions(-) create mode 100644 tests/data_files/server1.req.cert_type create mode 100644 tests/data_files/server1.req.key_usage create mode 100644 tests/data_files/server1.req.ku-ct create mode 100644 tests/data_files/server5.req.ku.sha1 diff --git a/tests/data_files/server1.req.cert_type b/tests/data_files/server1.req.cert_type new file mode 100644 index 000000000..5677f32be --- /dev/null +++ b/tests/data_files/server1.req.cert_type @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICpTCCAY0CAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow +GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAkMCIGCSqGSIb3DQEJDjEV +MBMwEQYJYIZIAYb4QgEBBAQDAgBAMA0GCSqGSIb3DQEBBQUAA4IBAQB95Pkjpg/N +Jbgl5nZcAk8maGMpUFlrhJS4kGutQKZugNX9v8cfABW905IHYXV1dm6zxVcyeqZM +FiOgbV943fu5JbufoazdYXnnR2/iKMigqX4CzZrK3F5ZzegxkfDIfDrn/shC+rWb +SS5WBVLJ3QNj9vwn3/b66IRbp/ViOwHx7+9JT4K/rLId/ynjYf2T57AsmNd/jptc +Zs19fGgtrUXweWkliEZN2zE47Cc53jkx6+Li4TNs4Bjk5P/aXrCP0fBwgGt2K6YW +dQ/nr0PwIbXzVlgUukSTHkJJfhF4Y/WqcUfOPrRdw+zxOLusJ9nzJBR0FOohcBxM +kPBVna0dze/o +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.key_usage b/tests/data_files/server1.req.key_usage new file mode 100644 index 000000000..053aed909 --- /dev/null +++ b/tests/data_files/server1.req.key_usage @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICnzCCAYcCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow +GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAeMBwGCSqGSIb3DQEJDjEP +MA0wCwYDVR0PBAQDAgHgMA0GCSqGSIb3DQEBBQUAA4IBAQCj6jCu0wE5OQ1JGQwZ +FNwPqZrvKntSq2yLIbgmGxwlvDLxOzn0KmidSFiKRqh0KXwj9siodlz5C0d9tUqq +7xUXg+j+wDHqUV8zo42Jke+UmWXFPpnXx/fDFGTITdLSn8ZDxkt31ESLTEVZvPFD +odm+C+zWJtKpyL+9op4KvyBQ1MZ9nWZpwMaK4g4mdtOIsz75gMa74w8ZT7VzhGMY +cZGmafsl7x++GDDtf0oCPgrj9xy+Ovv/GyUBaB+6lweflTfPDTRSoN0meFlP5ynF +vqcBM5JKH2FUQIizfc9o6Z8tKxe9FCov3x8szAuoMRA7bjhVngeQIrEkTcaQBvBY +NalC +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.ku-ct b/tests/data_files/server1.req.ku-ct new file mode 100644 index 000000000..0e057d58a --- /dev/null +++ b/tests/data_files/server1.req.ku-ct @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICsjCCAZoCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow +GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAxMC8GCSqGSIb3DQEJDjEi +MCAwCwYDVR0PBAQDAgHgMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQUF +AAOCAQEANlNG9hW852OzVKj2Z8TtU9jxstAoSCH9yc9Coj4Vw2TTjs1zcuBWsMl1 +2bf2I6ZvEH6ZhcQY7i7nyHQyPlqE4l6U9D8ct967QN7smuAHNY2HiQ2++eCBTHck +PdtGJAzIvNlXcoqNi8UC5fGepNtI1usNo41SKMvbg6nGA5gdcQKk7CVlk8lrD0qI +Xn/HvjSRoDE4ZGxAtNvPXWorGSxtgcy8EMPoXVUab5fNt8q//x/NQ4yEQKPrexmR +IuOiQ8VW8QZtkORGpZbGSvskU0WfKANui4zCcXYRc4mVR4Wf0C+fyHeihhjslSnT +RbC7nQn5HSHp31qJlr80QodywaK1Dg== +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server5.req.ku.sha1 b/tests/data_files/server5.req.ku.sha1 new file mode 100644 index 000000000..7556d1a05 --- /dev/null +++ b/tests/data_files/server5.req.ku.sha1 @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBFjCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGjAY +BgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/6i/SNF1d +Fr2KiMJrdw1VzYoqDvoByLTt/6AeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQD +AgHAMAsGByqGSM49BAEFAANIADBFAiBjnnD7nwsFnCL+MpPPFJE3K/Tgj+5rAgXj +e5UejDX2CAIhAKdbigWJL/ZatvG9CFHq7ykrRns2x8JEXehWu8DsXdx9 +-----END CERTIFICATE REQUEST----- diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 1b2754ee5..fdc72322d 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -1,30 +1,46 @@ Certificate Request check Server1 SHA1 depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 -x509_csr_check:"data_files/server1.key":POLARSSL_MD_SHA1:"data_files/server1.req.sha1" +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":POLARSSL_MD_SHA1:0:0 Certificate Request check Server1 SHA224 depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 -x509_csr_check:"data_files/server1.key":POLARSSL_MD_SHA224:"data_files/server1.req.sha224" +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":POLARSSL_MD_SHA224:0:0 Certificate Request check Server1 SHA256 depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 -x509_csr_check:"data_files/server1.key":POLARSSL_MD_SHA256:"data_files/server1.req.sha256" +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":POLARSSL_MD_SHA256:0:0 Certificate Request check Server1 SHA384 depends_on:POLARSSL_SHA512_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 -x509_csr_check:"data_files/server1.key":POLARSSL_MD_SHA384:"data_files/server1.req.sha384" +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":POLARSSL_MD_SHA384:0:0 Certificate Request check Server1 SHA512 depends_on:POLARSSL_SHA512_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 -x509_csr_check:"data_files/server1.key":POLARSSL_MD_SHA512:"data_files/server1.req.sha512" +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":POLARSSL_MD_SHA512:0:0 Certificate Request check Server1 MD4 depends_on:POLARSSL_MD4_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 -x509_csr_check:"data_files/server1.key":POLARSSL_MD_MD4:"data_files/server1.req.md4" +x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":POLARSSL_MD_MD4:0:0 Certificate Request check Server1 MD5 depends_on:POLARSSL_MD5_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 -x509_csr_check:"data_files/server1.key":POLARSSL_MD_MD5:"data_files/server1.req.md5" +x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":POLARSSL_MD_MD5:0:0 + +Certificate Request check Server1 key_usage +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:0 + +Certificate Request check Server1 ns_cert_type +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":POLARSSL_MD_SHA1:0:NS_CERT_TYPE_SSL_SERVER + +Certificate Request check Server1 key_usage + ns_cert_type +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:NS_CERT_TYPE_SSL_SERVER + +Certificate Request check Server5 ECDSA, key_usage +depends_on:POLARSSL_SHA1_C:POLARSSL_ECDSA_C:POLARSSL_ECDSA_DETERMINISTIC +x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION:0 Certificate write check Server1 SHA1 depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index ca097e7ad..e2055192a 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -11,8 +11,8 @@ */ /* BEGIN_CASE depends_on:POLARSSL_PEM_WRITE_C:POLARSSL_X509_CSR_WRITE_C */ -void x509_csr_check( char *key_file, int md_type, - char *cert_req_check_file ) +void x509_csr_check( char *key_file, char *cert_req_check_file, + int md_type, int key_usage, int cert_type ) { pk_context key; x509write_csr req; @@ -33,6 +33,10 @@ void x509_csr_check( char *key_file, int md_type, x509write_csr_set_md_alg( &req, md_type ); x509write_csr_set_key( &req, &key ); TEST_ASSERT( x509write_csr_set_subject_name( &req, subject_name ) == 0 ); + if( key_usage != 0 ) + TEST_ASSERT( x509write_csr_set_key_usage( &req, key_usage ) == 0 ); + if( cert_type != 0 ) + TEST_ASSERT( x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); ret = x509write_csr_pem( &req, buf, sizeof(buf), rnd_pseudo_rand, &rnd_info );