Andrzej Kurek
51cef9ce38
Add missing AES_C dependency in x509 tests
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-22 15:20:48 -04:00
Andrzej Kurek
a194904055
Fix subjectAltName test prerequisites
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Andrzej Kurek
76c9662e8e
Add a test for SubjectAltName writing to a certificate
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:54 -04:00
Mukesh Bharsakle
4823d5ff0e
Merge branch 'Mbed-TLS:development' into update-pkparse-tests-to-use-AES
2023-05-10 12:35:19 +01:00
Gilles Peskine
1a24895bfd
Simplify string escapes
...
Treat backslash as a universal escape character: "\n" is a newline,
backslash escapes any non-alphanumeric character.
This affects some test cases that had "\," standing for backslash-comma.
With the new uniform treatment of backslashes, this needs to be "\\,".
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:39:54 +02:00
Mukesh Bharsakle
1a4cc5e92c
updating test-ca.key to use AES instead of DES
...
Signed-off-by: Mukesh Bharsakle <bharsaklemukesh975@gmail.com>
2023-04-10 14:05:42 +01:00
Manuel Pégourié-Gonnard
a946489efd
X.509: use MD_CAN macros
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Valerio Setti
00a6c6fcbe
test: fix for using proper sign/verify macros
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
fcc6933a53
test: fix disparities in x509parse and x509write suites
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
18b9b035ad
test: add test for a full length serial of 0xFF
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-27 11:47:57 +01:00
Valerio Setti
856cec45eb
test: x509: add more tests for checking certificate serial
...
- added 2 new certificates: 1 for testing a serial which is full lenght
and another one for a serial which starts with 0x80
- added also proper Makefile and openssl configuration file to generate
these 2 new certificates
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
ea19d2db73
changelog: fixed typos
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
aad8dbd38d
test: fix tests for x509write_crt_set_serial(_new)
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Manuel Pégourié-Gonnard
edce0b42fb
Merge pull request #6454 from valeriosetti/issue4577
...
Adding unit test for mbedtls_x509write_csr_set_extension()
2022-11-15 09:39:07 +01:00
Valerio Setti
48e8fc737a
Adding unit test for mbedtls_x509write_csr_set_extension()
...
The already existing "x509_csr_check()" function is extended in order
to support/test also CSR's extensions. The test is performed by
adding an extended key usage.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-14 13:32:07 +01:00
Nicholas Wilson
ca841d32db
Add test for mbedtls_x509write_crt_set_ext_key_usage, and fix reversed order
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:25:43 +01:00
Przemek Stekiel
76b753bbb7
Change the dependencies in pem.c to xxx_BASED_ON_USE_PSA and related files
...
This is done to be able to bild test_psa_crypto_config_accel_hash component where MD5 is only available accelerated (PSA_WANT_ALG_MD5 is enabled and MBEDTLS_MD5_C is disabled) but MBEDTLS_USE_PSA_CRYPTO is disabled.
So the build should not attempt to enable pem_pbkdf1.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
050819c19e
test_suite_x509write: Move MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA dependency for x509_crt_check to .function file
...
mbedtls_x509write_crt_set_subject_key_identifier() requires MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
d34f8c36b8
x509 tests: adjust dependencies
...
*** Comparing before-default -> after-default ***
x509parse: total 723; skipped 26 -> 26
x509write: total 41; skipped 8 -> 8
*** Comparing before-full -> after-full ***
x509parse: total 723; skipped 25 -> 25
x509write: total 41; skipped 0 -> 0
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Werner Lewis
b33dacdb50
Fix parsing of special chars in X509 DN values
...
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769 .
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:19:50 +01:00
Werner Lewis
acd01e58a3
Use ASN1 UTC tags for dates before 2000
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-01 16:24:28 +01:00
Neil Armstrong
6ce6dd9bd7
Add Test generating certificates using an opaque EC key
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:32:03 +02:00
Neil Armstrong
98f899c7a5
Test generating certificates using an opaque RSA key
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:31:38 +02:00
Neil Armstrong
9fb9203182
Test generating CSRs using an opaque RSA key
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:31:08 +02:00
TRodziewicz
10e8cf5fef
Remove MD2, MD4, RC4, Blowfish and XTEA
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:25 +02:00
Mateusz Starzyk
e3c48b4a88
Separate SHA224 from SHA256 config options.
...
These options are still dependant on each other.
This is an intermediate step.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Mateusz Starzyk
3352a53475
Modify config option for SHA384.
...
Although SHA512 is currently required to enable SHA384, this
is expected to change in the future. This commit is an
intermediate step towards fully separating SHA384 and SHA512.
check_config is the only module which enforces that SHA512 is
enabled together with SHA384.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Darren Krahn
e560be3ab4
Mark basic constraints critical as appropriate.
...
Per RFC 5280 4.2.1.9 if the 'cA' field is set to true, the extension
must be marked critical.
Signed-off-by: Darren Krahn <dkrahn@google.com>
2020-09-21 18:25:35 -07:00
Gilles Peskine
049fefff90
Add dependencies on !MBEDTLS_SHA512_NO_SHA384 to x509/ssl unit tests
...
Add dependencies on !MBEDTLS_SHA512_NO_SHA384 to X.509 and SSL unit
tests that use SHA-384 (identified based on having a description that
contains "SHA384" or "SHA-384").
2020-03-23 17:55:32 +01:00
Ron Eldor
9eeb8611b1
Update certificates to expire in 2029
...
Update certificates that expire on 2021, to prolong their validity,
to make tests pass three years ahead.
2019-07-10 16:46:34 +03:00
Andres Amaya Garcia
412ddf3812
Fix typo in x509write test data
2019-02-28 09:38:03 +00:00
Andres Amaya Garcia
7067f812f8
Add tests for (named) bitstring to suite_asn1write
2019-02-28 09:36:30 +00:00
Andrzej Kurek
4b11407258
Cosmetic changes
...
Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.
2018-11-22 12:05:08 -05:00
Andrzej Kurek
5f7bad34bb
Add CSR write testing using opaque keys
...
Parse and verify CSR programatically instead of using predetermined data,
to not tamper with randomness in tests.
2018-11-22 12:05:08 -05:00
Hanno Becker
418a62242b
Extend tests/data_files/Makefile to include CRT's for CRT write test
2017-09-14 07:51:28 +01:00
Manuel Pégourié-Gonnard
e6028c93f5
Fix some X509 macro names
...
For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard
2cf5a7c98e
The Great Renaming
...
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Paul Bakker
8dcb2d7d7e
Support escaping of commas in x509_string_to_names()
2014-08-11 11:59:52 +02:00
Manuel Pégourié-Gonnard
ec4d27398a
Fix curve dependencies in *keyusage tests
2014-04-29 15:06:41 +02:00
Manuel Pégourié-Gonnard
6c1a73e061
Improve x509xrite_csr testing: extensions, version
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
c5ce83a3b8
Improve x509xrite_csr testing: extensions, ECDSA
2014-04-04 16:33:01 +02:00
Paul Bakker
c7bb02be77
Moved PK key writing from X509 module to PK module
2013-09-15 14:54:56 +02:00
Manuel Pégourié-Gonnard
92cb1d3a91
Make CBC an option, step 3: individual ciphers
2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard
0237620a78
Fix some dependencies declaration
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
7f1f0926e4
Add test for x509write_key
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
3837daec9e
Add EC support to x509write_pubkey
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
33250b0461
Add test for x509write_pubkey_pem()
2013-09-12 11:57:01 +02:00
Paul Bakker
2397cf3ede
First certificate writing test. Full server1.crt reconstruction
2013-09-08 15:58:15 +02:00
Paul Bakker
48377d9834
Configuration option to enable/disable POLARSSL_PKCS1_V15 operations
2013-08-30 13:41:14 +02:00
Paul Bakker
82e2945ed2
Changed naming and prototype convention for x509write functions
...
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00