Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields

Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates Signed-off-by: toth92g <toth92g@gmail.com>
2021-02-22 13:17:32 +01:00 · 2021-02-22 13:17:32 +01:00 · 27f9e7815c
commit 27f9e7815c
parent a41954d0cf
5 changed files with 22 additions and 2 deletions
--- a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
+++ b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
@ -0,0 +1,2 @@
+API changes
+   * x509 certificate parse functionality is extended with the possibility of extracting SignatureKeyId and AuthorityKeyId fields
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -41,7 +41,7 @@ int main(void)

 /* Size of memory to be allocated for the heap, when using the library's memory
 * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
-#define MEMORY_HEAP_SIZE      120000
+#define MEMORY_HEAP_SIZE      180000

 #define MAX_REQUEST_SIZE      20000
 #define MAX_REQUEST_SIZE_STR "20000"
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -73,7 +73,7 @@ int main(void)

 /* Size of memory to be allocated for the heap, when using the library's memory
 * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
-#define MEMORY_HEAP_SIZE        120000
+#define MEMORY_HEAP_SIZE        180000

 #define DFL_SERVER_ADDR         NULL
 #define DFL_SERVER_PORT         "4433"
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@ -389,6 +389,15 @@ rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem
 	$(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
 all_final += rsa_pkcs8_2048_public.der

+authorityKeyId_subjectKeyId.crt:
+	$(OPENSSL) req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout authorityKeyId_subjectKeyId.crt -out authorityKeyId_subjectKeyId.crt -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req'
+# The listed certificates are the copies of authorityKeyId_subjectKeyId.crt with error injections
+# authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt              The TAG marking the beginning of SubjectKeyId is set to 0x00
+# authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt      The TAG marking the beginning of AuthorityKeyId field is set to 0x00
+# authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt   The TAG marking that AuthorityKeyId is a sequence is set to 0x00
+# authorityKeyId_subjectKeyId_wrong_IssuerN.crt                   There are 5 different TAGs based on the x509 doc under AuthorityKeyId(keyId, Dir, Seqence of Dir, serial)
+#                                                                 Each test inject error to one of these
+
 ################################################################
 #### Generate various RSA keys
 ################################################################
--- a/tests/data_files/authorityKeyId_subjectKeyId.conf
+++ b/tests/data_files/authorityKeyId_subjectKeyId.conf
@ -0,0 +1,9 @@
+[req]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+CN = MBEDTLS
+[v3_req]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always