Commit graph

410 commits

Author SHA1 Message Date
Gilles Peskine
885bcfc9d0
Merge pull request #7649 from yuhaoth/pr/add-command-for-server9-bad-saltlen
Add command for server9-bad-saltlen
2023-11-20 14:07:19 +00:00
Manuel Pégourié-Gonnard
964dee6b3f
Merge pull request #8442 from lpy4105/issue/8355/driver-only-cipher_aead-x509
X.509: Support driver-only cipher+aead
2023-11-06 09:10:57 +00:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Pengyu Lv
2151ba55f6 test_suite_x509write: use plaintext key file
Some test cases are using encrypted key file, thus have
dependency on low-level block cipher modules (e.g. AES).
This commit adds unencrypted key file so that we could
get rid of those dependencies.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 18:12:04 +08:00
Jerry Yu
6f21dd5694 move script to tests/scripts
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-24 15:45:41 +08:00
Jerry Yu
53a332d970 fix various issues
- rename file name from `early_data.txt` to `tls13_early_data.txt`
- fix typo issue
- remove redundant parameter

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-23 13:52:56 +08:00
Jerry Yu
2f3f968033 fix wrong typo and indent issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-18 15:07:10 +08:00
Jerry Yu
ca3790d653 Add server9-bad-saltlen generate command
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-18 15:07:09 +08:00
Jerry Yu
e649cecb43 Add data file for early data input
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-12 15:02:01 +08:00
Gilles Peskine
3cea3efc25
Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509
Accept numericoid hexstring x509
2023-09-13 08:54:33 +00:00
Gilles Peskine
2e38a0d603 More spelling corrections
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:19:31 +02:00
Agathiyan Bragadeesh
a0ba8aab2e Add test for non ascii x509 subject name
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
dba8a641fe Add and update tests for x509write and x509parse
Due to change in handling non-ascii characters, existing tests had to be
updated to handle the new implementation. New tests and certificates
are added to test the escaping functionality in edge cases.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:52 +01:00
Gilles Peskine
d686c2a822
Merge pull request #7971 from AgathiyanB/fix-data-files-makefile
Fix server1.crt.der in tests/data_files/Makefile
2023-08-21 14:43:07 +00:00
Gilles Peskine
dbd13c3689
Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01
Updating crt/crl files due to expiry before 2027-01-01
2023-08-17 15:38:35 +00:00
Gilles Peskine
d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
2023-08-16 09:19:46 +00:00
Gilles Peskine
a79256472c
Merge pull request #7788 from marekjansta/fix-x509-ec-algorithm-identifier
Fixed x509 certificate generation to conform to RFCs when using ECC key
2023-08-07 19:14:54 +00:00
Agathiyan Bragadeesh
8dc913899d Fix server1.crt.der in makefile
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-24 10:44:00 +01:00
Andrzej Kurek
34ccd8d0b6 Test x509 csr SAN DN and RFC822 generation
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-07 08:18:43 -04:00
Jerry Yu
ba3eee7211 Add indent
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:16:15 +08:00
Jerry Yu
4d31022d90 Add missed intermediate file
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:16:14 +08:00
Jerry Yu
c5b2e284fa Remove workaround code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:16:10 +08:00
Jerry Yu
2ef2e78837 Add commands for test_certs.h
And update target file

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:13:46 +08:00
Jerry Yu
5811869311 Add test_certs.h generate script
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:13:46 +08:00
Pengyu Lv
b687c03183 Fix the command for server9-sha*.crt
The new command could generate
parse_input/server9-sha*.crt correctly.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
49c56e651d Add target for parse_input/cert_example_multi_nocn.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
19e949e644 Fix typo and long line format
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
736d2bb715 Update crl-rsa-pss-*.pem manually
The rules will be in a seperate PR.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
59f392cd4d upgrade server9-bad-saltlen.crt
Upgrade scripts
```python
import subprocess
from asn1crypto import pem, x509,core

output_filename="server9-bad-saltlen.crt"
tmp_filename="server9-bad-saltlen.crt.tmp"
tmp1_filename="server9-bad-saltlen.crt.tmp1"

subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \
        -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \
        -set_serial 24 -days 3650 \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
        -sigopt rsa_mgf1_md:sha256 -sha256 \
        -in server9.csr -out {output_filename}
''',shell=True)

with open(output_filename,'rb') as f:
    _,_,der_bytes=pem.unarmor(f.read())
    target_certificate=x509.Certificate.load(der_bytes)

with open(tmp_filename,'wb') as f:
    f.write(target_certificate['tbs_certificate'].dump())

subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \
                        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
                        -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}',
                        shell=True)

with open(tmp1_filename,'rb') as f:
    signature_value= core.OctetBitString(f.read())

with open(output_filename,'wb') as f:
    target_certificate['signature_value']=signature_value
    f.write(pem.armor('CERTIFICATE',target_certificate.dump()))
```

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
4ad45c01b9 Update server9*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
8c40c573b2 Add server9-bad-{mgfhash,saltlen}.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
b5ac935e44 Add rules to generate server9*.crt
Except for server9-bad-saltlen.crt and
server9-bad-mgfhash.crt.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
4ca9520582 Update server1-nospace.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
0efdfcbfd3 Update v1 crt files
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
0d545a1815 Update cert_example_multi_nocn.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
e025cb2096 Add rules to generate cert_example_multi_nocn.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
d9ba29733e Update server5.[e]ku-*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
1ca5c0eae9 Add rules to generate server5.[e]ku-*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
5b91dc7265 Update server2.ku-*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
0063599e6f Add rules to generate server2.ku-*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
55ee7f8e13 Add rule for server2-badsign.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
0f381fd02f Update test-ca2.ku-*.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
5a1dbf3d6e Fix the rule for server5-ss-forgeca.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
affc294dfe Add the rule and update server6-ss-child.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
4d69b29076 Update server5-selfsigned.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Andrzej Kurek
78ecf41f22 Change spaces to a tab in a makefile recipe
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-30 08:42:05 -04:00
Andrzej Kurek
03478d2b90
Merge branch 'development' into issue/7816/add-commands-for-files-in-parse_input
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-30 14:38:05 +02:00
Pengyu Lv
18730ddbcf fix fragile way to refer to server1.req.sha256
The original varible $< is fragile especially
when there are multiple rules for the same
target.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-30 00:23:13 +08:00
Pengyu Lv
ab266491f0 Make parse_input targets depend on files in parse_input if possible
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-29 13:06:55 +08:00
Andrzej Kurek
7d55dd2356 Fix malformed directoryName extensions
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-29 10:36:44 +08:00