- Added test coverage for X509parse
- Fixed segfault in rsa_check_privkey() and rsa_check_pubkey() and added test
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index 358b753..3322b7a 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -121,5 +121,8 @@
RSA PKCS1 Decrypt #1 (Verify)
rsa_pkcs1_decrypt:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"4E636AF98E40F3ADCFCCB698F4E80B9F"
+RSA Check empty private key
+rsa_check_privkey_null:
+
RSA Selftest
rsa_selftest:
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index ab459e1..5e56ed5 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -180,6 +180,16 @@
END_CASE
BEGIN_CASE
+rsa_check_privkey_null:
+{
+ rsa_context ctx;
+ memset( &ctx, 0x00, sizeof( rsa_context ) );
+
+ TEST_ASSERT( rsa_check_privkey( &ctx ) == POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
+}
+END_CASE
+
+BEGIN_CASE
rsa_selftest:
{
TEST_ASSERT( rsa_self_test( 0 ) == 0 );
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
new file mode 100644
index 0000000..c256b4c
--- /dev/null
+++ b/tests/suites/test_suite_x509parse.data
@@ -0,0 +1,68 @@
+X509 Certificate information #1
+x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2009-02-09 21\:12\:35\nexpires on \: 2011-02-09 21\:12\:35\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
+
+X509 Certificate information #2
+x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2009-02-10 22\:15\:12\nexpires on \: 2011-02-10 22\:15\:12\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
+
+X509 Certificate information #2
+x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2009-02-09 21\:12\:25\nexpires on \: 2019-02-10 21\:12\:25\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
+
+X509 CRL information #1
+x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-02-09 21\:12\:36\nnext update \: 2009-04-10 21\:12\:36\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA1"
+
+X509 Parse Key #1 (No password when required)
+x509parse_key:"data_files/test-ca.key":NULL:POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED
+
+X509 Parse Key #2 (Correct password)
+x509parse_key:"data_files/test-ca.key":"PolarSSLTest":0
+
+X509 Parse Key #3 (Wrong password)
+x509parse_key:"data_files/test-ca.key":"PolarSSLWRONG":POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH
+
+X509 Get Distinguished Name #1
+x509_dn_gets:"data_files/server1.crt":subject:"C=NL, O=PolarSSL, CN=PolarSSL Server 1"
+
+X509 Get Distinguished Name #2
+x509_dn_gets:"data_files/server1.crt":issuer:"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
+
+X509 Get Distinguished Name #3
+x509_dn_gets:"data_files/server2.crt":subject:"C=NL, O=PolarSSL, CN=localhost"
+
+X509 Get Distinguished Name #4
+x509_dn_gets:"data_files/server2.crt":issuer:"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
+
+X509 Time Expired #1
+x509_time_expired:"data_files/server1.crt":valid_from:1
+
+X509 Time Expired #2
+x509_time_expired:"data_files/server1.crt":valid_to:0
+
+X509 Time Expired #3
+x509_time_expired:"data_files/server2.crt":valid_from:1
+
+X509 Time Expired #4
+x509_time_expired:"data_files/server2.crt":valid_to:0
+
+X509 Time Expired #5
+x509_time_expired:"data_files/test-ca.crt":valid_from:1
+
+X509 Time Expired #6
+x509_time_expired:"data_files/test-ca.crt":valid_to:0
+
+X509 Certificate verification #1 (Revoked Cert, Revoked CRL)
+x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:BADCERT_REVOKED | BADCRL_EXPIRED
+
+X509 Certificate verification #2 (Revoked Cert, Revoked CRL)
+x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":BADCERT_REVOKED | BADCRL_EXPIRED
+
+X509 Certificate verification #3 (Revoked Cert, Revoked CRL, CN Mismatch)
+x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":BADCERT_REVOKED | BADCRL_EXPIRED | BADCERT_CN_MISMATCH
+
+X509 Certificate verification #4 (Valid Cert, Revoked CRL)
+x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:BADCRL_EXPIRED
+
+X509 Certificate verification #5 (Not trusted Cert)
+x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":NULL:BADCERT_NOT_TRUSTED
+
+X509 Parse Selftest
+x509_selftest:
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
new file mode 100644
index 0000000..e9a0e19
--- /dev/null
+++ b/tests/suites/test_suite_x509parse.function
@@ -0,0 +1,126 @@
+BEGIN_HEADER
+#include <polarssl/x509.h>
+END_HEADER
+
+BEGIN_CASE
+x509_cert_info:crt_file:result_str
+{
+ x509_cert crt;
+ char buf[2000];
+
+ memset( &crt, 0, sizeof( x509_cert ) );
+ memset( buf, 0, 2000 );
+
+ TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
+ int res = x509parse_cert_info( buf, 2000, "", &crt );
+
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( buf, {result_str} ) == 0 );
+}
+END_CASE
+
+BEGIN_CASE
+x509_crl_info:crl_file:result_str
+{
+ x509_crl crl;
+ char buf[2000];
+
+ memset( &crl, 0, sizeof( x509_crl ) );
+ memset( buf, 0, 2000 );
+
+ TEST_ASSERT( x509parse_crlfile( &crl, {crl_file} ) == 0 );
+ int res = x509parse_crl_info( buf, 2000, "", &crl );
+
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( buf, {result_str} ) == 0 );
+}
+END_CASE
+
+BEGIN_CASE
+x509_verify:crt_file:ca_file:crl_file:cn_name:result
+{
+ x509_cert crt;
+ x509_cert ca;
+ x509_crl crl;
+ int flags = 0;
+
+ memset( &crt, 0, sizeof( x509_cert ) );
+ memset( &ca, 0, sizeof( x509_cert ) );
+ memset( &crl, 0, sizeof( x509_crl ) );
+
+ TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
+ TEST_ASSERT( x509parse_crtfile( &ca, {ca_file} ) == 0 );
+ TEST_ASSERT( x509parse_crlfile( &crl, {crl_file} ) == 0 );
+
+ int res = x509parse_verify( &crt, &ca, &crl, {cn_name}, &flags );
+
+ if( res == 0 )
+ {
+ TEST_ASSERT( res == ( {result} ) );
+ }
+ else
+ {
+ TEST_ASSERT( flags == ( {result} ) );
+ }
+}
+END_CASE
+
+BEGIN_CASE
+x509_dn_gets:crt_file:entity:result_str
+{
+ x509_cert crt;
+ char buf[2000];
+
+ memset( &crt, 0, sizeof( x509_cert ) );
+ memset( buf, 0, 2000 );
+
+ TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
+ int res = x509parse_dn_gets( buf, 2000, &crt.{entity} );
+
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( buf, {result_str} ) == 0 );
+}
+END_CASE
+
+BEGIN_CASE
+x509_time_expired:crt_file:entity:result
+{
+ x509_cert crt;
+
+ memset( &crt, 0, sizeof( x509_cert ) );
+
+ TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
+ TEST_ASSERT( x509parse_time_expired( &crt.{entity} ) == {result} );
+}
+END_CASE
+
+BEGIN_CASE
+x509parse_key:key_file:password:result
+{
+ rsa_context rsa;
+
+ memset( &rsa, 0, sizeof( rsa_context ) );
+
+ int res = x509parse_keyfile( &rsa, {key_file}, {password} );
+
+ TEST_ASSERT( res == {result} );
+
+ if( res == 0 )
+ {
+ TEST_ASSERT( rsa_check_privkey( &rsa ) == 0 );
+ }
+}
+END_CASE
+
+BEGIN_CASE
+x509_selftest:
+{
+ TEST_ASSERT( x509_self_test( 0 ) == 0 );
+}
+END_CASE